Enterprise applications - On-premise application published with pass-through but still prompted for password

Question

question

theodorbrander asked · Dec 10, 2019 at 03:11 PM

Enterprise applications - On-premise application published with pass-through but still prompted for password

Hi,

I'm attempting to publish our intranet as an enterprise application with SSO. This works like a charm and I'm able to access it via office.com and also as a published web link via Intune and my phone. But - I have to sign-in each time which is not what I want.

alt text

My settings in application proxy is as follows:

alt text

The end result I wish for is to open the web site from office.com only by logging in the first time. From my phone I wish to use either PIN or bio-metrics, not password.

Any suggestions how to solve this?

With kind regards

Theodor

azure-ad-application-proxy

intranet-login.png (9.1 KiB)

application-proxy.png (17.7 KiB)

2

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BijuThankappan-5910 · Dec 10, 2019 at 03:37 PM

Trying to understand...When you say this works like a charm, does sso work or you meant you were able to publish the app in azure and now looking for how to enable sso across devices for the app?

0 · ·

theodorbrander BijuThankappan-5910 · Dec 11, 2019 at 09:12 AM

Sorry, I should have been more specific. I am referring to the publish itself. The SSO is still an issue however.

0 · ·

Answer 1 · 2019-12-11T02:48:42.3Z

FrankHuMSFT-3200 answered · Dec 11, 2019 at 02:48 AM

Hey TheOdorBrander,

It sounds like you're trying to get your AAD proxy to properly perform Single Sign On. There is actually a chart you can follow that is documented here on how to get SSO to work with your intranet application : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#choosing-a-single-sign-on-method

alt text

It looks like you most likely want to setup a linked sign on scenario :https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on#linked-sign-on

Please remember to mark one of the responses as answer if your question has been answered. If not please let us know if there are anymore questions.

1 Share

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

theodorbrander · Dec 11, 2019 at 09:23 AM

Thank you for your reply and suggestions Frank.

Perhaps Linked Sign-on is what I'm looking for and I've now tried it, but I'm still prompted for UN & Password.

I found this article that describes how I should configure linked sign-on, but perhaps I did something wrong?

I copied the 'External Url' (marked yellow in screenshot below) from the Application Proxy tab under the enterprise application blade and used it as the link sign-on URL. alt text

This is not what I usally work with so I am a bit lost here.

Also, the application does not support SAML.

0 · ·

external.png (35.3 KiB)

Answer 2 · 2019-12-17T09:25:02.267Z

theodorbrander answered · Dec 17, 2019 at 09:25 AM

Anyone have any tips?

Share

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question