Configuring Azure Application Proxy

Start Screen is designed to receive the current users email address in the azure-upn header. When coupled with Single Sign On the user gets a seamless experiance.

1. Open Azure Active Directory.
2. Open Applications > Enterprise Applications and select Application Proxy from the sidebar.
   • If you don't already setup 1, ideally 2, connectors on site.
3. Open Configure an app.
   • Set the Internal Url to http://docker.host.name:3000/
   • Set the External Url to any subdomain.
   • Set Pre Authentication to Azure Active Directory.
   • Upload an SSL Certificate that covers the External Url.
4. Setup the DNS Records as instructed in Configure an app.
5. Once the app has been created go into it's properties and under Manage select Single sign-on.
   • Choose the single sign-on mode of Header-based.
   • Create the header azure-upn with the value user.userprincipalname.
6. Once saved you will be able to access the start screen at your external url with seamless single sign on.