configure the App in Azure Portal

[pedrr]

How should the App in the Azure Portal be configured. for SSO with WIA the SPN in mandatory...

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: fc350ba1-81d0-e336-c0e0-e644c18af5f7
• Version Independent ID: a7268bd1-ac11-a044-eaea-59a842136f99
• Content: Azure Active Directory Domain Services: Deploy Azure Active Directory Application Proxy
• Content Source: articles/active-directory-domain-services/active-directory-ds-deploy-azure-app-proxy.md
• Service: active-directory-ds
• GitHub Login: @mahesh-unnikrishnan
• Microsoft Alias: maheshu

[MohitGargMSFT]

@pedrr Thanks for your feedback! We will investigate and update as appropriate.

[SaurabhSharma-MSFT]

@pedrr Yes. Please refer to the document [Kerberos Constrained Delegation for single sign-on to your apps with Application Proxy] (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd) for more details.

[pedrr]

@SaurabhSharma-MSFT in an environment where I have full domain admin rights you are right. There I am able to specify a SPN on the service an set constrained delegation on the AAD Proxy computer account to this SPN. In Resource Based Constrained Delegation I do not specify any SPN cause I have no domain admin rights in a managed domain.

[MohitGargMSFT]

@pedrr Thanks, you are right. This section Enable resource-based Kerberos constrained delegation for the Azure AD Application Proxy connector in the document helps with the steps on the same.

[MohitGargMSFT]

@pedrr We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.