Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,597 questions
Anyone have any tips?
Enterprise applications - On-premise application published with pass-through but still prompted for password
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 30%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
theodorbrander
51
Reputation points
Hi,
I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But - I have to sign-in each time which is not what I want.
My settings in application proxy is as follows:
The end result I wish for is to open the web site from office.com only by logging in the first time. From my phone I wish to use either PIN or bio-metrics, not password.
Any suggestions how to solve this?
With kind regards
Theodor
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 65%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBT%3C/text%3E%3C/svg%3E)
Biju Thankappan 101 Reputation points2019-12-10T15:37:12.153+00:00 Trying to understand...When you say this works like a charm, does sso work or you meant you were able to publish the app in azure and now looking for how to enable sso across devices for the app?
-
theodorbrander 51 Reputation points
2019-12-11T09:12:27.43+00:00 Sorry, I should have been more specific. I am referring to the publish itself. The SSO is still an issue however.
Sign in to comment
2 answers
Sort by: Newest
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
FrankHu-MSFT 976 Reputation points2019-12-11T02:48:42.3+00:00 Hey TheOdorBrander,
It sounds like you're trying to get your AAD proxy to properly perform Single Sign On. There is actually a chart you can follow that is documented here on how to get SSO to work with your intranet application : https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method
It looks like you most likely want to setup a linked sign on scenario :https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#linked-sign-on
Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.
-
theodorbrander 51 Reputation points
2019-12-11T09:23:30.093+00:00 Thank you for your reply and suggestions Frank.
Perhaps Linked Sign-on is what I'm looking for and I've now tried it, but I'm still prompted for UN & Password.
I found this article that describes how I should configure linked sign-on, but perhaps I did something wrong?
I copied the 'External Url' (marked yellow in screenshot below) from the Application Proxy tab under the enterprise application blade and used it as the link sign-on URL.
This is not what I usally work with so I am a bit lost here.
Also, the application does not support SAML.
Sign in to comment -