Azure AD authentication support
As SSO via Azure AD becomes more and more utilized, it would be great to be able to offer users the same SSO solution across our platforms, including the SM Portal. We are using IWA now, but IIS logs show that many of our users are using a variety of other browsers and/or OSes than those supporting IWA.
I know that there's an older blog post on how to set it up with an Azure App Proxy, but that is more of a workaround, and App Proxy is not designed for use in that situation (internal users accessing internal resources), per Microsoft Docs:
Application Proxy is recommended for giving remote users access to internal resources. Application Proxy replaces the need for a VPN or reverse proxy. It is not intended for internal users on the corporate network. These users who unnecessarily use Application Proxy can introduce unexpected and undesirable performance issues.
Native support for Azure AD auth, maybe even an app on Azure Marketplace, would be a great benefit, for us at least.
Comments
@Konstantin_Slavin-Bo We use Azure App Proxy internally and whilst it services us well, there is a CORS inline refresh issue which occurs every 24 hours due to the AAD token expiring and the portal being unable to refresh the token inline.
Having a native mechanism that continues to allow us to use the AAD threat intelligence screening and logging/auditing would be great!
I agree. Current workaround is to create an Application Proxy, but I'm not sure if there is a performance hit since it needs to go back and forth from cloud to on-premise every time an authentication check is made. Anyone have experience in this regard? Also, what about deep-links? Can it figure that out etc.
I know that various customers are looking into this, so a native authentication mechanism is much appreciated.
A desperate ping on this 🙈