1. Configure an application for secure external access using Microsoft Azure AD and PingAccess for Azure AD.
  2. Ensure that the application is functioning as expected by signing on using the applications external URL.
    For example, http://app-tenant.msappproxy.net/.
  3. In PingAccess, create a new virtual host that maps to the PingAccess host.
    For example, <PingAccessServerName>:3000.
  4. Assign the new virtual host to the application in addition to the virtual host specified for Azure access.
  5. In Azure AD, go to the App Registrations window and select the application.
  6. Click Reply URLs, and add the internal PingAccess reply URL.
    For example, <PingAccessServerName>:3000/pa/oidc/cb.
  7. Save the changes and test the configuration by signing on using the application's local URL.