question

theodorbrander avatar image
theodorbrander asked ·

Enterprise applications - On-premise application published with pass-through but still prompted for password

Hi,

I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But - I have to sign-in each time which is not what I want.

alt text

My settings in application proxy is as follows:

alt text

The end result I wish for is to open the web site from office.com only by logging in the first time. From my phone I wish to use either PIN or bio-metrics, not password.

Any suggestions how to solve this?

With kind regards

Theodor


azure-ad-application-proxy
2 comments
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Trying to understand...When you say this works like a charm, does sso work or you meant you were able to publish the app in azure and now looking for how to enable sso across devices for the app?

0 Votes 0 · ·

Sorry, I should have been more specific. I am referring to the publish itself. The SSO is still an issue however.

0 Votes 0 · ·
FrankHuMSFT-3200 avatar image
FrankHuMSFT-3200 answered ·

Hey TheOdorBrander,

It sounds like you're trying to get your AAD proxy to properly perform Single Sign On. There is actually a chart you can follow that is documented here on how to get SSO to work with your intranet application : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

alt text

It looks like you most likely want to setup a linked sign on scenario :https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#linked-sign-on


Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

1 comment Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your reply and suggestions Frank.

Perhaps Linked Sign-on is what I'm looking for and I've now tried it, but I'm still prompted for UN & Password.

I found this article that describes how I should configure linked sign-on, but perhaps I did something wrong?

I copied the 'External Url' (marked yellow in screenshot below) from the Application Proxy tab under the enterprise application blade and used it as the link sign-on URL. alt text

This is not what I usally work with so I am a bit lost here.

Also, the application does not support SAML.

0 Votes 0 · ·
external.png (35.3 KiB)
theodorbrander avatar image
theodorbrander answered ·

Anyone have any tips?

Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.