How to Make Android and iOS Apps Work with Azure AD App Proxy
Microsoft’s Azure AD Application Proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises. Some apps you would want to publish include SharePoint sites, Outlook Web Access, or any other LOB web applications you have. These on-premises web applications are integrated with Azure AD, the same identity and control platform that is used by O365. End users can access your on-premises applications the same way they access O365 and other SaaS apps integrated with Azure AD. You don’t need to change the network infrastructure or require a VPN to provide this solution for your users. This Knowledge Base article provides step-by-step instructions to make Android and iOS apps work with Azure AD App Proxy.
Appdome is a no-code mobile app security platform designed to add security features in mobile apps.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.
Likewise, there are no required infrastructure changes and no dependency on SAML, OAuth, OpenID Connect or any other authentication standard inside the app. Users merely upload mobile apps, select the Azure AD Application Proxy service and click “Build My App.” The Appdome technology adds Azure AD Application proxy access and relevant standards, frameworks and more to the app automatically, with no manual development work at all.
Using Appdome, mobile apps will access their web application through Microsoft Azure AD Application Proxy as if Azure AD Application Proxy access was natively coded into the app. Appdome for Azure AD Application Proxy is compatible with mobile apps built in any development environment, including native Android and iOS apps, hybrid apps and non-native apps built in Xamarin, Cordova, React Native, Ionic and more. This streamlines implementations, cuts development work, and ensures a guaranteed and consistent integration of Azure AD Application Proxy access to any mobile app.
The following diagram illustrates the Single-Sign-On flow within the app when accessing a web application through the Azure Application Proxy:
- The application sends a request to reach a web application through its external URL configured in Azure AD Application Proxy
- The Azure AD Application Proxy protecting the resource responds with a 30X response since the request is not authorized
- Appdome identifies the response for the protected resource and opens an internal Webview within the Fused App
- The internal Webview is opened on the external URL and redirects to an Azure login page
- The user can now authenticate. During the authorization session, access cookies are received and stored
- The Azure AD Application Proxy redirects the Webview to the successful URI (External URL) since the authorization succeeded
- Appdome identifies the successful URI redirect and closes the internal Webview, thus returning the view to the original app
- Once the app tries to reach the protected resource, Appdome will attach the authorization cookies to the outgoing request, the gateway (Azure AD Application Proxy) will trust these credentials, and the app will reach the protected resource successfully
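The flow above can be modelled as a small state machine, which makes the security-relevant part visible: where the stored cookies may be replayed. This is an added example, not Appdome's code; the host names, the cookie name, the `SsoSession` class and the host-only `*` wildcard matching are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed sample configuration (hypothetical hosts, not from the article).
EXTERNAL_URL = "https://intranet-contoso.msappproxy.net/"
PROTECTED = ["*-contoso.msappproxy.net"]  # '*' wildcard, matched on host only (assumption)


def is_protected(url):
    """True when the URL is HTTPS and its host matches a protected-resource pattern."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and any(fnmatchcase(host, p) for p in PROTECTED)


class SsoSession:
    """Tracks the flow: 30X on a protected resource -> Webview login -> cookie replay."""

    def __init__(self):
        self.cookies = {}
        self.webview_open = False

    def on_response(self, url, status):
        # An unauthorized request to a protected resource is answered with a 30X.
        if is_protected(url) and 300 <= status < 400 and not self.cookies:
            self.webview_open = True
        return self.webview_open

    def on_webview_navigation(self, url, set_cookies):
        # Keep cookies only from protected hosts (assumption); close on the external URL.
        if not self.webview_open:
            return False
        if is_protected(url):
            self.cookies.update(set_cookies)
        if url == EXTERNAL_URL and self.cookies:
            self.webview_open = False
        return self.webview_open

    def headers_for(self, url):
        # Attach cookies only to requests inside the protected scope.
        if not (self.cookies and is_protected(url)):
            return {}
        return {"Cookie": "; ".join(f"{k}={v}" for k, v in self.cookies.items())}
```

Because the pattern is matched against the whole host name, a look-alike host that merely starts with a protected name receives no cookies, and neither does a plain-HTTP request.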
Prerequisites for using Appdome for Azure AD Application Proxy
In order to use Appdome’s no code implementation of Microsoft Azure AD Application Proxy access on Appdome, you’ll need:
- Appdome account IDEAL or higher
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Azure AD Application Proxy
- Configured on-premises web application
- External URL to access the on-premises web application through the Azure AD Application Proxy
- Signing Credentials (e.g., AD user and password)
5 Easy Steps to Make Android and iOS Apps Work with Azure AD App Proxy
Follow these step-by-step instructions to add Azure AD Application Proxy access to any mobile app:
Upload a Mobile App to Your Account
From the “Build” tab, Add Azure AD Application Proxy Access
Select the Build Tab. Note: a blue underline will appear showing the step is active.
Beneath the Build Tab, you will find several service options. Select Access. Note: a blue highlight will appear showing the category is active.
- Click on the toggle to enable Mobile Access and MicroVPN Profiles
- Under the Access profiles, open the Scheme drop-down list, select Azure AD Application Proxy
- Add the Azure Hub URL
- Add the Azure Protected Resources. Protected resources may include ‘*’ as a wildcard as seen in the screenshot below
- Click Build My App
The technology behind Build My App has two major elements: (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code sets needed to add Azure AD Application Proxy access to the mobile app in seconds. One example is Webview authentication, work that a developer would ordinarily need to do.
Congratulations! You now have a mobile app fully integrated with Microsoft Azure AD Application Proxy access.
After Adding Microsoft Azure AD Application Proxy Access to a Mobile App on Appdome
After you have added Azure AD Application Proxy access to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Built App
Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the Azure AD Application Proxy Access enabled Appdome-Built App (Required)
In order to deploy an Appdome-Built app, it must be signed. Signing iOS apps and signing Android apps is easy using Appdome. Alternatively, you can use Private Signing: download your unsigned app and sign it locally using your own signing methods.
Deploy the Appdome-Built App to a Mobile Device
Once you have signed your Appdome-Built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.
That is it – Enjoy Appdome for Microsoft Azure AD Application Proxy access in your app!
How Do I Learn More?
More information on Microsoft Azure AD Application Proxy can be found here.
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.