Objective: Add Azure AD user and demonstrate Microsoft Access Panel

Add Users into Azure AD Directory

Adding a user to this application for access, I added an existing user Test1 in my SPB2B AD Directory to this application.

Go to the Enterprise Application > Users and Groups

User Test Case

To access the SharePoint app you can either go through the My Apps portal at https://myapps.microsoft.com or go directly to the published SharePoint app URL at https://roykimspublishedsharepoint-spb2b.msappproxy.net/. Either way, you will be first prompted for Azure AD credentials. In this case, the username is test1@spb2b.onmicrosoft.com.

My Apps portal:

For the published SharePoint application, you will be prompted again for any login credentials of the domain user account. At this point in the configuration, there is no single sign-on with Azure AD login.

To recap:

1. Logged into My Apps Portal such that user was authenticated against Azure AD as test1@spb2b.onmicrosoft.com
2. When you click the SharePoint app URL, you will get prompted for credentials that are only on-premise AD domain account credentials. This is not a desirable user experience.
3. To solve this problem, one way is to setup single sign-on with Kerberos constrained delegation with Azure App Proxy and Azure AD Connect. This is will be discussed in the next blog.

Next: Azure AD Azure Application Proxy with a Claims Aware Web App – Part 5