Configuring Azure AD Application Proxy

Many organizations host web portals and applications on-premises, and there are many methods to give access to these applications from the internet.

One of the traditional methods is to configure a Virtual Private Network (VPN), which establishes a secure connection between the corporate network and internet users.

Azure lets us give internet access to in-house portals through Azure Application Proxy, which avoids the need for a separate VPN configuration.

For this demo, I am using the Azure classic portal (https://manage.windowsazure.com).

Components for Configuring Azure Application Proxy

  1. Azure Subscription
  2. Azure Application Proxy connector (this can be downloaded from the Azure portal)
  3. An in-house portal which can be added to Azure

Azure Subscription:

You can get a free trial subscription from https://manage.windowsazure.com

If you have an existing Azure subscription (either through EMS or O365), log in to the Azure portal with Global Admin credentials.

Configuration of Azure Application Proxy 

Navigate to the Azure portal at https://manage.windowsazure.com

Navigate to Active Directory


Click on Dashboard and scroll down to the end, where you can see Application Proxy

Click on Configure


Scroll down to Application Proxy section

By default, Application Proxy is disabled. Switch it to Enabled.

Download the connector from the URL.

It is recommended to install the connector on a Windows Server 2012 R2 server that has access to both the corporate network and the internet.

The installation will prompt for the Azure Admin credentials


Run the Connector troubleshooter

You will be presented with a command prompt on successful installation.

Go back to the Azure portal (https://manage.windowsazure.com) and return to the Application Proxy section through the dashboard.

Click on Manage Connectors if you have installed multiple connectors for redundancy.

Adding an in-house portal to Azure:

For this demo, I am using an in-house portal, http://*****mysalary/, which can be accessed only through my corporate network.

URL: http://*****mysalary/

Now I will add this portal to Azure and configure it for access from the internet.

Access the Azure portal (https://manage.windowsazure.com).

Navigate to Active Directory and click on Applications

Click the Add button at the bottom of the page and select the third option, “publish an application that will be accessible from outside your network”.

Give the details of the portal

Add the users to whom you want to give access to this portal, then navigate to the Configure section.

The External URL is the address that allows you to access this portal through the internet. Note that it uses https.

To access this portal, navigate to https://myapps.microsoft.com and sign in with Azure credentials.

This will give you the list of applications and portals to which you have been given access in Azure.

In our scenario, payroll proxy is the app that allows us to access my in-house portal through the internet.

I am able to log in to the portal through the internet, and you can see the URL with https://*****

Cross Check:

If you want to cross-check whether the proxy is configured correctly, you can access the app on a mobile phone.

Download the “My Apps” application from the Play Store, which will provide the list of applications under your login.


As you can see, I am able to access my payroll portal through https://*** on my mobile phone.
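A scripted form of the cross-check above, as an added example that is not part of the original post: it looks at the first response an unauthenticated client receives from the external URL and reports whether that response is an https redirect to Azure AD sign-in. The sign-in host names, the assumption that the app was published with Azure AD sign-in in front of it, and the placeholder URL are assumptions of this example.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Assumption: hosts that Azure AD sign-in redirects point to.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.windows.net"}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx as HTTPError instead of following it


def classify(external_url, status, location=None):
    """Classify the first response an unauthenticated client receives."""
    if urlparse(external_url).scheme != "https":
        return "not-https"
    if status in (301, 302, 303, 307, 308) and location:
        if urlparse(location).hostname in SIGN_IN_HOSTS:
            return "sign-in-required"
        return "redirect-elsewhere"
    if 200 <= status < 300:
        return "content-without-sign-in"
    return "inconclusive"


def probe(external_url, timeout=10):
    """Request the external URL once, with no cookies and no redirects."""
    if urlparse(external_url).scheme != "https":
        return "not-https"  # never send the request over plain http
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(external_url, timeout=timeout)
        return classify(external_url, resp.status, resp.headers.get("Location"))
    except urllib.error.HTTPError as err:
        return classify(external_url, err.code, err.headers.get("Location"))


if __name__ == "__main__":
    # Constructed sample responses; the host name is a placeholder.
    url = "https://payroll.example.invalid/"
    samples = [(302, "https://login.microsoftonline.com/common/oauth2/authorize"),
               (200, None), (302, "/login.aspx"), (503, None)]
    for status, location in samples:
        print(status, location, "->", classify(url, status, location))
```

Call `probe()` with your own external URL from a machine outside the corporate network; `content-without-sign-in` means the portal answered without asking for Azure AD sign-in first.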
