Azure AD Application Proxy - Configuration

Azure AD Application Proxy
• Azure Active Directory Application Proxy can integrate on-premises
applications with Azure Active Directory and provide secure access
with minimal changes to the existing infrastructure.
How it works?
1. The user accesses the published URL for the application from the internet. Azure generates a public URL
for the on-premises app (similar to the URL of an application hosted in Azure).
2. The user is redirected to the login page and is authenticated using Azure AD.
3. After successful authentication, a token is generated and sent to the user.
4. The request is forwarded to Azure AD Application Proxy, which extracts the user principal name (UPN) and
security principal name (SPN) from the token.
5. The request is forwarded to the Application Proxy connector, which is hosted on-premises. It acts as a
broker service between the Application Proxy module and the web application.
6. The Application Proxy connector requests a Kerberos ticket that can be used to authenticate to the web
application on behalf of the user.
7. On-premises AD issues the Kerberos ticket.
8. The Kerberos ticket is used to authenticate to the web app.
9. After successful authentication, the web app sends its response to the Application Proxy connector.
10. The Application Proxy connector sends the response to the user, who can then view the web application content.
Prerequisites
• Azure AD Basic or Premium subscription
• Healthy directory sync with on-premises AD
• A server on which to install the Azure Application Proxy connector (the same
server that hosts the web application)
• Supported web application (one of the supported application types)
Demo Setup

The demo environment uses:
• Azure AD Premium subscription
• Active Directory 2016 on-premises setup
• Web application running on IIS
Enable Azure AD proxy
Before installing the Application Proxy connector, enable Application Proxy.
• Log in to Azure as Global Administrator.
• Open Azure Active Directory.
• In the next window, click Application proxy.
• In the next window, click Enable Application Proxy. A message explains
the feature; click Yes to enable it.
Install Application Connector
Install the connector on the same server as the application.
• Log in to Azure as Global Administrator.
• Go to Azure Active Directory | Application Proxy.
• In that window, click Download connector.
• You are redirected to a page where you can download the connector. After accepting the terms,
click Download.
• Once the file is downloaded, double-click AADApplicationProxyConnectorInstaller.exe to
start the connector installation.
• A wizard opens. Agree to the license terms and click Install to proceed.
• During the installation, it asks for Azure login details. Provide an account that has
Azure global admin privileges.
• After the login details are validated, setup continues. Once it completes, we are ready to
publish the application.
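
Before publishing, it helps to confirm that the connector is running and that its computer account can obtain a Kerberos ticket on behalf of the user (steps 6 to 8 of the flow) without being over-privileged. The following check is an added example, not part of the original slides. It assumes the installer registers the services WAPCSvc and WAPCUpdaterSvc, that the ActiveDirectory PowerShell module is available on the server, that the connector delegates as its own computer account, and it uses a constructed placeholder SPN.

```powershell
# Added example: post-install check, run in an elevated session on the connector server.
function Test-AppProxyConnector {
    param(
        [string]$AppSpn = 'HTTP/webapp.corp.example'   # constructed placeholder SPN
    )
    $findings = @()

    # Connector and updater services (assumed names: WAPCSvc, WAPCUpdaterSvc)
    foreach ($name in 'WAPCSvc', 'WAPCUpdaterSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { $findings += "Service $name is not installed" }
        elseif ($svc.Status -ne 'Running') { $findings += "Service $name is $($svc.Status)" }
    }

    # Delegation settings on the connector's computer account
    Import-Module ActiveDirectory -ErrorAction Stop
    $acct = Get-ADComputer -Identity $env:COMPUTERNAME -Properties `
        'msDS-AllowedToDelegateTo', TrustedToAuthForDelegation, TrustedForDelegation
    $allowed = @($acct.'msDS-AllowedToDelegateTo')

    if ($allowed -notcontains $AppSpn) {
        $findings += "$AppSpn is not in the delegation list of $env:COMPUTERNAME"
    }
    if (-not $acct.TrustedToAuthForDelegation) {
        # The user arrives with an Azure AD token, not a Kerberos ticket, so the
        # connector needs protocol transition ("Use any authentication protocol").
        $findings += 'Protocol transition is not enabled'
    }
    if ($acct.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled; restrict it to the app SPN'
    }
    # Least privilege: the connector should delegate only to the published app
    $allowed | Where-Object { $_ -and $_ -ne $AppSpn } | ForEach-Object {
        $findings += "Extra delegation target: $_"
    }

    if ($findings.Count -eq 0) { 'OK: connector services and delegation look correct' }
    else { $findings }
}

Test-AppProxyConnector
```
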
Publish Application
The next configuration step is to publish the application:
• Log in to Azure as Global Administrator.
• Go to Azure Active Directory | Enterprise Applications.
• In the next window, click New Application.
• On the categories page, click All and then click On-premises
application.
• A new window opens where we can provide the configuration
data for the application.
• Once the application is published, we can see it under Enterprise
Applications.
Testing
