1. Configure an application for secure external access using Microsoft Azure AD and PingAccess for Azure AD.
  2. Ensure that the application is functioning as expected by signing on using the application's external URL.

    For example, http://app-tenant.msappproxy.net/.

  3. In PingAccess, create a new virtual host that maps to the PingAccess host.

    For example, <PingAccessServerName>:3000.

  4. Assign the new virtual host to the application in addition to the virtual host specified for Azure access.
  5. In Azure AD, go to the App Registrations window and select the application.
  6. Click Reply URLs and add the internal PingAccess reply URL.

    For example, <PingAccessServerName>:3000/pa/oidc/cb.

    Note:

    If you have the Use context root as reserved resource base path check box enabled on your PingAccess application, enter the application's context root before the reserved application context root.

    Using the previous example, the reply URL would be <PingAccessServerName>:3000/myApp/pa/oidc/cb if your application had a context root of myApp.

  7. Save the changes and test the configuration by signing on using the application's local URL.