Today, I have the privilege to tell you about the public preview of two new features for Azure AD Application Proxy that make it even easier to provide secure remote access to on-premises applications:
- Support for SAML single sign-on (SSO)
- Support for finer grained management of application cookies
SAML SSO support
The public preview for SAML SSO support with Application Proxy is now available.
Whether you already have an on-premises SAML application that’s ready to publish or are looking to modernize your application’s authentication protocol, you now have an easy way to provide external access and SSO to your application.
Setting up SAML SSO with your on-premises application uses the same standard pattern as setting up SAML SSO for your cloud applications. The application must be using SAML authentication with Azure AD as the identity provider. You can also use this with the recently released preview for SAML token encryption. To learn more about configuring SAML SSO with Application Proxy, see our documentation.
Application cookie settings
To help meet your security and compliance requirements, the following settings for Application Proxy access and session cookies are now available:
- Use HTTP-Only Cookie—Protects cookies against actions from client-side scripting, such as copying or modifying them.
- Use Secure Cookie—Ensures cookies are transmitted only over TLS-secured channels, so they cannot be observed by unauthorized parties.
- Use Persistent Cookie—Sets the access cookie so that it does not expire when the web browser is closed; it persists for the lifetime of the access token.
For full details and recommendations about these cookie settings, see Cookie settings for accessing on-premises applications in Azure AD.
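To confirm which of the three settings is actually in effect for a published application, you can inspect the Set-Cookie headers it returns. The Python sketch below is an added example, not part of the original post or Microsoft's code; the cookie names and header values are constructed samples.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers; cookie names and values are hypothetical.
SAMPLE_HEADERS = [
    "ExampleAccessCookie=abc123; Path=/; Secure; HttpOnly; Expires=Sat, 01 Jun 2019 13:00:00 GMT",
    "ExampleSessionCookie=def456; Path=/; Secure; HttpOnly",
    "ExamplePrefCookie=xyz; Path=/; Max-Age=0",
]

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def is_persistent(attrs, now):
    """True only if Max-Age or Expires keeps the cookie past the browser session."""
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):      # a valid Max-Age wins over Expires (RFC 6265)
        return int(max_age) > 0
    try:
        return parsedate_to_datetime(attrs["expires"]) > now
    except (KeyError, TypeError, ValueError):  # absent or unparseable: session cookie
        return False

def audit(headers, now=None):
    """Map each cookie name to the three settings as observed on the wire."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        report[name] = {"http_only": "httponly" in attrs,
                        "secure": "secure" in attrs,
                        "persistent": is_persistent(attrs, now)}
    return report

def missing_protections(report):
    """Cookies lacking HttpOnly or Secure, suitable for an alert or CI gate."""
    return sorted(n for n, f in report.items() if not (f["http_only"] and f["secure"]))

if __name__ == "__main__":
    result = audit(SAMPLE_HEADERS)
    for name, flags in result.items():
        print(name, flags)
    print("needs attention:", missing_protections(result))
```

A cookie with `Max-Age=0` or an `Expires` date in the past is a deletion, so the check reports it as not persistent.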
As always, we’d love to receive any suggestions or feedback you have, so please comment below or on the Azure AD feedback forum.
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division
© Microsoft. This article was originally published by Microsoft Azure Active Directory Identity Blog. You can find the original article here.