Enterprise applications - On-premise application published with pass-through but still prompted for password

Question

question

theodorbrander asked Dec 10, '19 theodorbrander answered Dec 17, '19

Enterprise applications - On-premise application published with pass-through but still prompted for password

Hi,

I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But - I have to sign-in each time which is not what I want.

alt text

My settings in application proxy is as follows:

alt text

The end result I wish for is to open the web site from office.com only by logging in the first time. From my phone I wish to use either PIN or bio-metrics, not password.

Any suggestions how to solve this?

With kind regards

Theodor

azure-ad-application-proxy

intranet-login.png (9.1 KiB)

application-proxy.png (17.7 KiB)

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BijuThankappan-5910 · Dec 10, 2019 at 03:37 PM

Trying to understand...When you say this works like a charm, does sso work or you meant you were able to publish the app in azure and now looking for how to enable sso across devices for the app?

0 ·

theodorbrander BijuThankappan-5910 · Dec 11, 2019 at 09:12 AM

Sorry, I should have been more specific. I am referring to the publish itself. The SSO is still an issue however.

0 ·

Answer 1 · 2019-12-11T02:48:42.3Z

FrankHuMSFT-3200 answered Dec 11, '19 theodorbrander commented Dec 11, '19

Hey TheOdorBrander,

It sounds like you're trying to get your AAD proxy to properly perform Single Sign On. There is actually a chart you can follow that is documented here on how to get SSO to work with your intranet application : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

alt text

It looks like you most likely want to setup a linked sign on scenario :https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#linked-sign-on

Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

theodorbrander · Dec 11, 2019 at 09:23 AM

Thank you for your reply and suggestions Frank.

Perhaps Linked Sign-on is what I'm looking for and I've now tried it, but I'm still prompted for UN & Password.

I found this article that describes how I should configure linked sign-on, but perhaps I did something wrong?

I copied the 'External Url' (marked yellow in screenshot below) from the Application Proxy tab under the enterprise application blade and used it as the link sign-on URL. alt text

This is not what I usally work with so I am a bit lost here.

Also, the application does not support SAML.

0 ·

external.png (35.3 KiB)

Answer 2 · 2019-12-17T09:25:02.267Z

theodorbrander answered Dec 17, '19

Anyone have any tips?

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question