Azure AD | Secure Web Application Publishing
Azure Active Directory Application Proxy is a very easy and secure way for web application publishing using the extremely secure Azure AD authentication mechanism. There are a tone of features, like SSO and 2 Factor Authentication. But lets see the basic here. You have a web application that you are using internal to your network, not even https, or you have developed a web application and you want an easy and safe way to publish it without having to wary about authentication or VPN. Use the Azure AD Application Proxy following the following simple steps.
For this example I have used a Windows Server 2016 with IIS and the SugarCRM application using the IIS Web Platform Installer. The internal link is http://appproxy01/sugarcrm/ that opens the SugarCRM login page.
Navigate to Azure Portal and go to Azure Active Directory. Mind that Azure Active Directory Basic or Premium license is required. You can start a trial Azure AD Premium or Enterprise Mobility Suite E3 that includes Azure AD Premium.
Fist of all you need to enable Application proxy. Select Enterprise applications –> Application proxy and click Enable & Download the connector clicking the “Connector” link.
Next, install the connector to the web server or to an other domain member server. It requires Windows Server 2012 R2.
At the installation process it will ask to login with an Azure AD account that has access to publish applications.
Once installed, Run the Connector Troubleshooter to verify that the connector will run properly.
After the successful installation,back to the Azure Portal the server FQDN and the Public IP will appear under the Default Connector.
Now it is time to publish the application. Go to “All applications” –> +ADD –> On-premises application.
Give a name, the internal Url that is used to access the application at your local network and press Add. Note the External URL.
The next step is to assign users. Following the quick steps, press “Assign a user for testing”
an add at least a user and you are ready to test the application.
Now lets test the published application
Open your favorite browser and navigate the the External URL. You will be navigated to the Microsoft online service logon page. Once authenticated with your Azure AD account the SugarCRM login page will be served.
This is the simplest way to publish a web application without having to wary for Authentication and Security.
Of course if the application supports active directory authentication then it is very easy to setup SSO, but we will analyze that at the next post.
Pantelis Apostolidis is a Cloud Solutions Architect at Microsoft and an ex Microsoft Azure MVP. For the last 15 years, Pantelis has been involved to major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He is entitled to a lot of Microsoft Expert Certifications, demonstrating his proven experience in delivering high quality solutions. He is an author, blogger and he is acting as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities as a moderator in azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.