You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -25,6 +25,9 @@ Now that we have determined to use on-premises Multi-Factor Authentication Serve
25
25
26
26
## Plan your deployment
27
27
28
+
> [!WARNING]
29
+
> Starting in March of 2019 MFA Server downloads will only be available to paid tenants. Free/trial tenants will no longer be able to download or generate and use activation credentials.
30
+
28
31
Before you download the Azure Multi-Factor Authentication Server, think about what your load and high availability requirements are. Use this information to decide how and where to deploy.
29
32
30
33
A good guideline for the amount of memory you need is the number of users you expect to authenticate on a regular basis.
@@ -87,6 +90,9 @@ If you aren't using the Event Confirmation feature, and your users aren't using
87
90
88
91
## Download the MFA Server
89
92
93
+
> [!WARNING]
94
+
> Starting in March of 2019 MFA Server downloads will only be available to paid tenants. Free/trial tenants will no longer be able to download or generate and use activation credentials.
95
+
90
96
Follow these steps to download the Azure Multi-Factor Authentication Server from the Azure portal:
91
97
92
98
1. Sign in to the [Azure portal](https://portal.azure.com) as an administrator.
@@ -100,9 +106,6 @@ Follow these steps to download the Azure Multi-Factor Authentication Server from
100
106
101
107
## Install and configure the MFA Server
102
108
103
-
> [!WARNING]
104
-
> Starting in March of 2019 MFA Server downloads will only be available to paid tenants. Free/trial tenants will no longer be able to download or generate and use activation credentials.
105
-
106
109
Now that you have downloaded the server you can install and configure it. Be sure that the server you are installing it on meets requirements listed in the planning section.
Copy file name to clipboardExpand all lines: articles/active-directory/manage-apps/application-proxy-configure-custom-domain.md
+3-1
Original file line number
Diff line number
Diff line change
@@ -68,7 +68,9 @@ When you have those three requirements ready, follow these steps to set up your
68
68
### Certificate format
69
69
There is no restriction on the certificate signature methods. Elliptic Curve Cryptography (ECC), Subject Alternative Name (SAN), and other common certificate types are all supported.
70
70
71
-
You can use a wildcard certificate as long as the wildcard matches the desired external URL.
71
+
You can use a wildcard certificate as long as the wildcard matches the desired external URL.
72
+
73
+
You cannot use a certificate issued by your own public key infrastructure (PKI) due to security considerations.
72
74
73
75
### Changing the domain
74
76
All verified domains appear in the External URL dropdown list for your application. To change the domain, just update that field for the application. If the domain you want isn't in the list, [add it as a verified domain](../fundamentals/add-custom-domain.md). If you select a domain that doesn't have an associated certificate yet, follow steps 5-7 to add the certificate. Then, make sure you update the DNS record to redirect from the new external URL.
Copy file name to clipboardExpand all lines: articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-on-premises-apps.md
+4-3
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.workload: identity
12
12
ms.tgt_pltfrm: na
13
13
ms.devlang: na
14
14
ms.topic: conceptual
15
-
ms.date: 03/12/2019
15
+
ms.date: 05/20/2019
16
16
ms.author: mimart
17
17
ms.reviewer: japere
18
18
ms.custom: it-pro
@@ -47,8 +47,9 @@ Keep in mind the following when you're going through the tutorial:
47
47
1. Select **SAML** as the single sign-on method.
48
48
1. In the **Set up Single Sign-On with SAML** page, edit the **Basic SAML Configuration** data, and follow the steps in [Enter basic SAML configuration](configure-single-sign-on-non-gallery-applications.md#saml-based-single-sign-on) to configure SAML-based authentication for the application.
49
49
50
-
* Make sure the **Reply URL** matches or is a path under the **External URL** for the on-premises application that you published through Application Proxy. If your application requires a different **Reply URL** for the SAML configuration, add this as the **first** URL in the list and keep the **External URL** as an additional URL, ordered after the first.
51
-
* Ensure that the application also specifies the correct **Reply URL** or Assertion Consumer Service URL to use for receiving the authentication token.
50
+
* Make sure the **Reply URL** matches or is a path under the **External URL** for the on-premises application that you published through Application Proxy.
51
+
* If your application requires a different **Reply URL** for the SAML configuration, add this as an **additional** URL in the list and mark the checkbox next to it to designate it as the primary **Reply URL** to send IDP-initiated SAML responses to.
52
+
* For an SP-initiated flow ensure that the application also specifies the correct **Reply URL** or Assertion Consumer Service URL to use for receiving the authentication token.
0 commit comments