You have an application that needs to use single sign-on (SSO) between the company’s Azure Active Directory
(Azure AD) and the on-premises Windows Server 2012 R2 Active Directory. You configure the application to
use Integrated Windows Authentication (IWA). You install an Application Proxy connector in the same domain
as the server that is publishing the application.
You need to configure the published application in Azure AD to enable SSO.
What should you do?

A. Set the external authentication method to IWA.
B. Set the preauthenticated method to Pass through.
C. Set the internal authentication method to IWA.
D. Enable an access rule to require Multi-Factor Authentication.
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd
Explained here how to configure on-prem OWA app with proxy and SSO. Answer looks correct.
http://jackstromberg.com/tag/azure-ad-application-proxy/
agreed
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd
1. Publish your application according to the instructions described in Publish applications with Application Proxy. Make sure to select Azure Active Directory as the Preauthentication Method.
2. After your application appears in the list of enterprise applications, select it and click Single sign-on.
3. Set the single sign-on mode to Integrated Windows Authentication.
4. Enter the Internal Application SPN of the application server. In this example, the SPN for our published application is http/www.contoso.com. This SPN needs to be in the list of services to which the connector can present delegated credentials.
5. Choose the Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd#configure-single-sign-on
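The quoted steps require the internal SPN to be in the list of services to which the connector can present delegated credentials. The following PowerShell check of that on-premises side is an added example, not part of the comments above or of the Microsoft documentation. It assumes the ActiveDirectory module is available, that delegation is configured on the connector's computer account, and a hypothetical connector host named APPPROXY01.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

function Test-AppProxyKcd {
    param(
        [Parameter(Mandatory)] [string] $ConnectorComputer,  # hypothetical host name
        [Parameter(Mandatory)] [string] $InternalSpn         # Internal Application SPN
    )
    $props = 'msDS-AllowedToDelegateTo', 'TrustedToAuthForDelegation', 'TrustedForDelegation'
    $connector = Get-ADComputer -Identity $ConnectorComputer -Properties $props

    # Accounts that register the SPN; Kerberos needs exactly one.
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$InternalSpn'")

    # Services the connector may request delegated tickets for.
    $allowed = @($connector.'msDS-AllowedToDelegateTo')

    [pscustomobject]@{
        Connector           = $connector.Name
        SpnOwnerCount       = $owners.Count
        # -contains is case-insensitive, which matches how SPNs are compared.
        SpnInDelegationList = $allowed -contains $InternalSpn
        # "Use any authentication protocol": needed because users sign in
        # to Azure AD, not with Kerberos, before reaching the connector.
        ProtocolTransition  = [bool]$connector.TrustedToAuthForDelegation
        # Unconstrained delegation is broader than this scenario needs.
        Unconstrained       = [bool]$connector.TrustedForDelegation
        AllowedServices     = $allowed -join ', '
    }
}

$result = Test-AppProxyKcd -ConnectorComputer 'APPPROXY01' -InternalSpn 'http/www.contoso.com'
$result | Format-List

if ($result.SpnOwnerCount -ne 1) {
    Write-Warning 'The SPN must be registered on exactly one account.'
}
if (-not $result.SpnInDelegationList) {
    Write-Warning 'The SPN is missing from the connector delegation list.'
}
if (-not $result.ProtocolTransition) {
    Write-Warning 'Protocol transition ("Use any authentication protocol") is off.'
}
if ($result.Unconstrained) {
    Write-Warning 'Connector has unconstrained delegation; limit it to specific services.'
}
```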