Azure Active Directory (AD) Application Proxy helps you support remote workers by publishing on-premises applications to be accessed over the internet. Through the Azure portal, you can publish applications that are running on your local network and provide secure remote access from outside your network.
This article walks you through the steps to publish an on-premises app with Application Proxy. After you complete this article, you'll be ready to configure the application with single sign-on, personalized information, or security requirements.
If you're new to Application Proxy, learn more about this feature with the article How to provide secure remote access to on-premises applications.
Publish an on-premises app for remote access
If this is your first time using Application Proxy, choose an application that's already set up for password-based authentication. Application Proxy supports other types of authentication, but password-based apps are the easiest to get up and running quickly.
- Sign in as an administrator in the Azure portal.
- Select Azure Active Directory > Enterprise applications > Add.
- On the Categories page, select On-premises application.
Provide the following information about your application:
Name: The name of the application that will appear on the access panel.
Internal URL: The address that the Application Proxy Connector uses to access the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules.
External URL: The address your users will go to in order to access the app from outside your network.
Pre Authentication: How Application Proxy verifies users before giving them access to your application.
- Azure Active Directory: Application Proxy redirects users to sign in with Azure AD, which authenticates their permissions for the directory and application. We recommend keeping this option as the default.
- Passthrough: Users don't have to authenticate against Azure Active Directory to access the application. You can still set up authentication requirements on the backend.
- Translate URL in Headers?: Choose whether to translate the URL in the headers, or keep the original.
- Connector Group: Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to Default and you'll see a warning message asking you to create a connector group.
Add a test user
To test that your app was published correctly, add a user account that you have access to.
- Back on the Quick start blade, select Assign a user for testing.
- On the Users and groups blade, select Add.
- On the Add assignment blade, select Users and groups then choose the account you want to add.
- Select Assign.
Test your published app
In your browser, navigate to the external URL that you configured during the publish step. You should see the start screen, and be able to sign in with the test account you set up.