Azure AD Application Proxy with a Claims Aware Web App – Part 4

Objective: Add an Azure AD user and demonstrate the Microsoft Access Panel

Add Users into Azure AD Directory

To grant a user access to this application, I added an existing user, Test1, from my SPB2B AD directory to this application.

Go to the Enterprise Application's Users and Groups.
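
The same assignment can be scripted and then audited with Microsoft Graph PowerShell. This is an added example, not part of the original post; it assumes the Microsoft.Graph module is installed, and the app display name and user principal name are placeholders to replace with your own values.

```powershell
# Added example (not from the original post). Assumes the Microsoft.Graph module.
# Placeholders: replace with the published app's display name and the user's UPN.
$AppDisplayName = '<published-app-display-name>'
$UserUpn        = '<user-principal-name>'

Connect-MgGraph -Scopes 'Application.Read.All','User.Read.All','AppRoleAssignment.ReadWrite.All'

# An enterprise application is the service principal object in the tenant.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (@($sp).Count -ne 1) {
    throw "Expected exactly one service principal named '$AppDisplayName', found $(@($sp).Count)."
}
$user = Get-MgUser -UserId $UserUpn

# Use the first enabled role that users may hold; if the app defines none,
# fall back to the default access role (the all-zero GUID).
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
    Select-Object -First 1
$appRoleId = if ($role) { $role.Id } else { [Guid]::Empty.ToString() }

# Assign only if the user does not already hold this role on the app.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $user.Id -and $_.AppRoleId -eq $appRoleId }
if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $user.Id -ResourceId $sp.Id -AppRoleId $appRoleId | Out-Null
}

# If assignment is not required, the Users and Groups list does not restrict
# access: every user in the directory can sign in to the app.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'$AppDisplayName' does not require user assignment."
}

# Review everyone (users and groups) currently assigned to the app.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId, CreatedDateTime
```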

User Test Case

To access the SharePoint app, you can either go through the My Apps portal at or go directly to the published SharePoint app URL at Either way, you will first be prompted for Azure AD credentials. In this case, the username is

My Apps portal:

For the published SharePoint application, you will be prompted again for the login credentials of the domain user account. At this point in the configuration, there is no single sign-on with Azure AD.

To recap:

  1. Logged into the My Apps portal so that the user was authenticated against Azure AD as
  2. When you click the SharePoint app URL, you are prompted for credentials again, and only on-premises AD domain account credentials are accepted. This is not a desirable user experience.
  3. One way to solve this problem is to set up single sign-on with Kerberos constrained delegation using Azure App Proxy and Azure AD Connect. This will be discussed in the next blog post.

Next: Azure AD Azure Application Proxy with a Claims Aware Web App – Part 5