Azure AD Azure Application Proxy with SharePoint Server 2013/2016 Blog Part 4

Objective: Add Azure AD user and demonstrate Microsoft Access Panel

Add Users into Azure AD Directory

Adding a user to this application for access, I added an existing user Test1 in my SPB2B AD Directory to this application.

Go to the Enterprise Application Users and Groups
azure-ad-azure-application-proxy-with-share-point-server-2013-2016-blog-part-4

User Test Case

To access the SharePoint app you can either go through the My Apps portal at https://myapps.microsoft.com or go directly to the published SharePoint app URL at https://roykimspublishedsharepoint-spb2b.msappproxy.net/. Either way, you will be first prompted for Azure AD credentials. In this case, the username is test1@spb2b.onmicrosoft.com.

My Apps portal:
azure-ad-azure-application-proxy-with-share-point-server-2013-2016-blog-part-4.2png

For the published SharePoint application, you will be prompted again for any login credentials of the domain user account. At this point in the configuration, there is no single sign-on with Azure AD login.azure-ad-azure-application-proxy-with-share-point-server-2013-2016-blog-part-4.3

To recap:

  1. Logged into My Apps Portal such that user was authenticated against Azure AD as test1@spb2b.onmicrosoft.com
  2. When you click the SharePoint app URL, you will get prompted for credentials that are only on-premise AD domain account credentials. This is not a desirable user experience.
  3. To solve this problem, one way is to setup single sign-on with Kerberos constrained delegation with Azure App Proxy and Azure AD Connect. This is will be discussed in the next blog.
Next: Azure AD Azure Application Proxy with SharePoint Server 2013/2016 Blog Part 5
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s