As an organization that uses Azure Active Directory (Azure AD) B2B collaboration capabilities to invite guest users from partner organizations to your Azure AD, you can now provide these B2B users access to on-premises apps. These on-premises apps can use SAML-based authentication or integrated Windows authentication (IWA) with Kerberos constrained delegation (KCD).

If your on-premises app uses SAML-based authentication, you can easily make these apps available to your Azure AD B2B collaboration users through the Azure portal using Azure AD Application Proxy.

1. Enable Application Proxy and install a connector. For instructions, see Publish applications using Azure AD Application Proxy.
2. Publish the on-premises SAML-based application through Azure AD Application Proxy by following the instructions in SAML single sign-on for on-premises applications with Application Proxy.
3. Assign Azure AD B2B Users to the SAML Application.

When you've completed the steps above, your app should be up and running.

1. Open a browser and navigate to the external URL that you created when you published the app.
2. Sign in with the Azure AD B2B account that you assigned to the app. You should be able to open the app and access it with single sign-on.

To provide B2B users access to on-premises applications that are secured with integrated Windows authentication and Kerberos constrained delegation, you need the following components:

- Authentication through Azure AD Application Proxy. B2B users must be able to authenticate to the on-premises application. To do this, you must publish the on-premises app through the Azure AD Application Proxy. For more information, see Tutorial: Add an on-premises application for remote access through Application Proxy.
- Authorization via a B2B user object in the on-premises directory. The application must be able to perform user access checks, and grant access to the correct resources. IWA and KCD require a user object in the on-premises Windows Server Active Directory to complete this authorization. As described in How single sign-on with KCD works, Application Proxy needs this user object to impersonate the user and get a Kerberos token to the app.