使用應用程式 Proxy 進行單一登入的密碼保存庫Password vaulting for single sign-on with Application Proxy

Azure Active Directory 應用程式 Proxy 可發佈內部部署應用程式,讓遠端員工也可以安全地存取它們,進而幫助您改進生產力。Azure Active Directory Application Proxy helps you improve productivity by publishing on-premises applications so that remote employees can securely access them, too. 在 Azure 入口網站中,您也可以設定這些應用程式的單一登入 (SSO)。In the Azure portal, you can also set up single sign-on (SSO) to these apps. 您的使用者只需要向 Azure AD 驗證,便可以存取您的企業應用程式,而不必再次登入。Your users only need to authenticate with Azure AD, and they can access your enterprise application without having to sign in again.

應用程式 Proxy 支援數個單一登入模式Application Proxy supports several single sign-on modes. 密碼型登入適用於使用使用者名稱/密碼組合進行驗證的應用程式。Password-based sign-on is intended for applications that use a username/password combination for authentication. 當您設定應用程式的密碼型登入您時,您的使用者必須登入一次內部部署應用程式。When you configure password-based sign-on for your application, your users have to sign in to the on-premises application once. 之後,Azure Active Directory 會儲存登入資訊,並且會在您的使用者從遠端存取時,自動將登入資訊提供給應用程式。After that, Azure Active Directory stores the sign-in information and automatically provides it to the application when your users access it remotely.

您應該已經使用應用程式 Proxy 發行並測試您的應用程式。You should already have published and tested your app with Application Proxy. 如果還沒,請依照使用 Azure AD 應用程式 Proxy 發佈應用程式的步驟操作,然後回到這裡。If not, follow the steps in Publish applications using Azure AD Application Proxy then come back here.

為應用程式設定密碼儲存庫存Set up password vaulting for your application

  1. 以系統管理員身分登入 Azure 入口網站Sign in to the Azure portal as an administrator.

  2. 選取 [Azure Active Directory] > [企業應用程式] > [所有應用程式] 。Select Azure Active Directory > Enterprise applications > All applications.

  3. 從清單中選取您要設定 SSO 的應用程式。From the list, select the app that you want to set up with SSO.

  4. 選取 [單一登入] 。Select Single sign-on.

    從應用程式的 概觀 頁面中選取 單一登入

  5. 在 SSO 模式中,選擇 [密碼型登入] 。For the SSO mode, choose Password-based Sign-on.

  6. 在登入 URL 輸入頁面 URL,使用者將在該頁面輸入其使用者名稱和密碼,以登入公司網路外部的應用程式。For the Sign-on URL, enter the URL for the page where users enter their username and password to sign in to your app outside of the corporate network. 這可能是您透過應用程式 Proxy 發佈應用程式時建立的外部 URL。This may be the External URL that you created when you published the app through Application Proxy.

    選擇密碼型登入並輸入您的 URL

  7. 選取 [ 儲存]。Select Save.

測試應用程式Test your app

移至您設定用於遠端存取應用程式的外部 URL。Go to external URL that you configured for remote access to your application. 使用該應用程式的認證登入 (或您設定有存取權之測試帳戶的認證)。Sign in with your credentials for that app (or the credentials for a test account that you set up with access). 一旦您成功登入,應該能夠離開應用程式後再回到應用程式,不需要再次輸入您的認證。Once you sign in successfully, you should be able to leave the app and come back without entering your credentials again.

後續步驟Next steps