Publishing WorkZone Web services in Azure Application Proxy

 

Prerequisites:

  • The Azure Application Proxy is set up with an internal Proxy service.
  • The necessary rights are set up.
  • The internal on-premises domain is synced with Entra ID.
  • The certificate for the external URL is in place.

Log in to the Microsoft Azure portal.

The example shows the most frequently used Azure features.

Register the WorkZone Mobile app

  1. Go to the Azure Active Directory tab.
  2. Click App registrations.
  3. On the App registration page, click New application registration.
  4. Enter a name for the WorkZone Mobile app.
  5. Select Web app / API in the Application type field.
  6. Enter the URL of WorkZone Mobile in the Sign-on URL field. This is the URL of the server. Users use it to sign in and use WorkZone Mobile.
     Tip: See where to find the correct URL of the server:
  7. Click Create.

Enable users to sign in

  1. Click Enterprise applications > All applications.
  2. Select the WorkZone Mobile app with the name you specified above.
  3. Click Properties.
  4. Make sure to enable the Enabled for users to sign-in? and User assignment required? settings.
  5. Click Save.
  6. Click Users and groups.
  7. Click Add user to assign users or groups of users that will have access to WorkZone Mobile.
  8. Click Single sign-on.
  9. Specify the following settings:
    • Select Integrated Windows Authentication in the User Sign-on Mode field.
    • Enter the SPN (Service Principal Name) of the internal WorkZone Mobile app in the Internal Application SPN field.
    • Select On-premises SAM (Security Application Manager) account name in the Delegated Login Identity field.
  10. Click Save.
  11. Click Application proxy.
  12. Make sure to enable the following settings (1):
    • Enter the internal URL to access WorkZone Mobile from inside your network in the Internal Url field.
      • The URL must match the external URL.
    • Enter the external URL to access WorkZone Mobile from outside your network in the External Url field.
      • The URL must match the internal URL.
    • Select Azure Active Directory in the Pre Authentication field.
    • In the Connector Group, select LatestReleased.
      • Note: It is highly recommended to add at least three connectors. (2)
    • Under Translate URLs in, disable the settings (3):
      • Headers
      • Application Body
  13. Select a certificate for the external URL (4). Under Certificate, click Click here to view your certificate to view or upload the certificate.
  14. Click Save.
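
To confirm that a published app still matches the settings above after later changes, the configuration can be exported and checked offline. The following is an added example, not part of the WorkZone documentation: it assumes the app's `onPremisesPublishing` object and its service principal were exported as JSON from Microsoft Graph (beta), and the host name, SPN and connector counts are constructed sample values.

```python
# Added example: audit an exported Application Proxy configuration against this guide.
# Property names are from Microsoft Graph (beta); all sample values are constructed.

def audit(app, sp, connector_count):
    """Return findings; an empty list means the export matches the guide."""
    pub = app.get("onPremisesPublishing") or {}
    sso = pub.get("singleSignOnSettings") or {}
    kerb = sso.get("kerberosSignOnSettings") or {}
    # Assumption: "must match" means identical apart from case and a trailing slash.
    internal = (pub.get("internalUrl") or "").lower().rstrip("/")
    external = (pub.get("externalUrl") or "").lower().rstrip("/")
    checks = [
        (sp.get("accountEnabled") is True, "Enabled for users to sign-in is off"),
        (sp.get("appRoleAssignmentRequired") is True, "User assignment required is off"),
        (sso.get("singleSignOnMode") == "onPremisesKerberos",
         "sign-on mode is not Integrated Windows Authentication"),
        (bool(kerb.get("kerberosServicePrincipalName")), "Internal Application SPN is empty"),
        (kerb.get("kerberosSignOnMappingAttributeType") == "onPremisesSAMAccountName",
         "Delegated Login Identity is not On-premises SAM account name"),
        (bool(internal) and internal == external, "internal and external URLs do not match"),
        (pub.get("externalAuthenticationType") == "aadPreAuthentication",
         "Pre Authentication is not Azure Active Directory"),
        (pub.get("isTranslateHostHeaderEnabled") is False, "Translate URLs in Headers is on"),
        (pub.get("isTranslateLinksInBodyEnabled") is False,
         "Translate URLs in Application Body is on"),
        (connector_count >= 3, "connector group has fewer than three connectors"),
    ]
    return [message for ok, message in checks if not ok]

# Constructed export of a correctly configured app (hypothetical host name).
GOOD_APP = {"onPremisesPublishing": {
    "internalUrl": "https://workzone.example.com/",
    "externalUrl": "https://workzone.example.com/",
    "externalAuthenticationType": "aadPreAuthentication",
    "isTranslateHostHeaderEnabled": False,
    "isTranslateLinksInBodyEnabled": False,
    "singleSignOnSettings": {
        "singleSignOnMode": "onPremisesKerberos",
        "kerberosSignOnSettings": {
            "kerberosServicePrincipalName": "HTTP/workzone.example.com",
            "kerberosSignOnMappingAttributeType": "onPremisesSAMAccountName"}}}}
GOOD_SP = {"accountEnabled": True, "appRoleAssignmentRequired": True}

if __name__ == "__main__":
    for finding in audit(GOOD_APP, GOOD_SP, connector_count=1):
        print("FINDING:", finding)
```

A finding for Pre Authentication or User assignment required deserves the most attention, because those two settings decide who can reach the internal app from outside the network.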