Azure Application Proxy

DavidMartin · ‎07-02-2018

Has anyone yet had any experience of integrating an On-Premise ArcGIS Enterprise deployment with Azure AD Application Proxy? I'm particularly interested in achieving Single Sign On for On Premise users as well as external users.

I've not yet been able to perform a test, but would be interested to hear of how others have got on with getting the two to work together, and whether there are any lessons to be learnt?

AdamEversole1 · ‎01-07-2019

Hello David,

We have documentation on how to configure Portal for ArcGIS with Azure AD:

- http://enterprise.arcgis.com/en/portal/latest/administer/windows/configure-azure-active-directory.ht...

This looks like the Documentation from the Azure side of things:

- https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/arcgisenterprise-tutorial

I've not actually set this up on my own but potentially someone in the community has and can share the experience had on this thread.

Hope this helps!

- Adam

FarmersBranchBrian · ‎08-05-2019

Has anyone had any luck with this? I've managed to get the proxy app working but it breaks SAML integration when done, rendering it all but useless.

GISCoordinator2 · ‎09-22-2020

We are also having issues trying to implement Azure Enterprise Application Proxy. We have it working with SAML and working really well in browsers, but when it comes to ArcGIS Collector App this does not.

-Steffen

KristineSmaadal1 · ‎01-18-2021

Hi Steffen,
When you got the AAP to work with ArcGIS Enterprise in browsers, did you use Pre-authentication or Pass through? I am interested in using AAP for webapplications hosted in Portal, but I need it to work with pre authentication.

- Kristine

GlenShepherd · ‎09-24-2020

Hi David Martin,

You may want to take a look at your 'pre-authentication' configuration for the Azure App Proxy.

The "Azure Active Directory" setting causes a 302 redirect for users to sign in with Azure AD credentials and is currently known to be problematic for the ArcGIS Field Apps suite.

Using the "Passthrough" setting won't require users to authenticate with Azure AD and client requests will be forwarded to ArcGIS Enterprise. The following link may provide further detail: Tutorial - Add an on-premises app - Application Proxy in Azure AD | Microsoft Docs

credit to Philip McNeilly for this product support knowledge.

BanchanaPandey · ‎01-27-2021

@GlenShepherd @AdamEversole1

Is there a document to configure stand alone arcgis server through azure app proxy? this arcgis server is not federated to portal. it uses the web tier authentication and has web adaptor.

GISCoordinator2 · ‎12-10-2024

Six years from David's initial report, and we still have no information from ESRI Inc if they will ever support pre-authentication in the Field Apps Suite. I do wonder how is it not a bigger issue, or does enterprise server security not play a part for most players? -Steffen

PatOBrien · ‎02-12-2025

@GISCoordinator2 Steffen my team have done this one to death here on the forums, via ESRI tech support & also ESRI accounts management. The question was put to the ESRI product team and I got this response on 1st Feb 2024:
"This is a well-understood requirement that Esri is actively investigating. Unfortunately, it is also a complex requirement because of the lack of standardization across the industry and we cannot give a specific timeline for when they may see support show up across our mobile apps and ArcGIS Enterprise. "

Having the Azure App Proxy pre-authentication setting set to Microsoft Entra ID is standard and globally adopted, therefore I disagree with the ESRI statement.

No solution.