Web Application Proxies allow an organisation to make hosted web resources available for external access whilst managing the risk of this access by controlling authentication and authorisation policies in Active Directory Federation Services (AD FS).
AD FS provides identity federation and Single Sign-On (SSO) capabilities for users accessing applications in an AD FS-secured environment, or with federated partner organisations.
Web Application Proxy serves two main purposes: it lets organisations give end users outside the organisation selective access to applications that are hosted securely in The Bunker, and it acts as a barrier between those applications and the internet. By using AD FS, the service ensures that only users with authenticated and authorised devices can access corporate applications.
It provides reverse proxy functionality for web applications hosted in The Bunker and allows users on most devices to access internal web applications from external networks.
Additional features provided by AD FS can also be configured, including Workplace Join, Multifactor Authentication (MFA), and multifactor access control. Web Application Proxy (WAP) can also form part of a DirectAccess infrastructure deployment, or be used to securely publish Exchange or SharePoint services.
Make hosted web resources available for external access whilst managing risk
Multi-factor authentication - Pre-authentication with AD FS provides support for smart cards and device authentication
Single sign-on (SSO) for seamless access to applications without re-prompting for credentials after initial authentication
Make hosted web resources available for external access, while managing the risk of access with controlled authentication and authorisation policies on the Active Directory Federation Services (AD FS)
The Bunker have vast experience in the deployment of AD FS and Web Application Proxy solutions, helping to plan and deploy a platform that will allow external users to access your web applications securely.
Our team is an extension of your own, and with our 24/7/365 service desk, we are available when you need us.
AD FS uses a claims-based access control authorisation model to maintain application security and implement federated identity.
Claims-based authentication is the process of authenticating a user based on a set of claims about their identity contained in a trusted token.
A federation server in the user's network authenticates the user through the standard means in Active Directory Domain Services. It then issues a token containing a series of claims about the user, including their identity. This token is sent to the federation server on the resources/services side (the external network that the user is trying to access). That federation server checks that the token is trustworthy, then issues another token so that its local servers accept the claimed identity.
This allows a system to provide controlled access to its resources or services to a user that belongs to another network without requiring the user to authenticate directly to the system and without the two systems sharing a database of user identities or passwords.
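The token exchange described above, sketched as an added example that is not The Bunker's or AD FS's own code. HMAC keys stand in for the token-signing certificates a real federation trust relies on, and the issuer URLs, claim names and keys are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed trust material (assumption): a real federation trust pins the
# partner's token-signing certificate; HMAC keys stand in for it here.
ACCOUNT_KEY = b"constructed-account-sts-signing-key"
RESOURCE_KEY = b"constructed-resource-sts-signing-key"
ACCOUNT_ISSUER = "https://sts.account.example/"    # hypothetical
RESOURCE_ISSUER = "https://sts.resource.example/"  # hypothetical
APP_AUDIENCE = "https://app.resource.example/"     # hypothetical


def issue_token(key, issuer, audience, claims, now, ttl=300):
    """Serialise claims with issuer, audience and expiry, then sign them."""
    body = dict(claims, iss=issuer, aud=audience, exp=now + ttl)
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + sig


def validate_token(token, key, issuer, audience, now):
    """Return the claims only if signature, issuer, audience and expiry check out."""
    payload, _, sig = token.partition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("signature not from a trusted issuer")
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body.get("iss") != issuer or body.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if body.get("exp", 0) <= now:
        raise ValueError("token expired")
    return body


def resource_sts_exchange(partner_token, now):
    """Resource-side federation server: validate the partner token, re-issue locally."""
    claims = validate_token(partner_token, ACCOUNT_KEY, ACCOUNT_ISSUER, RESOURCE_ISSUER, now)
    # Pass through only the claims the local application needs.
    local_claims = {k: claims[k] for k in ("upn", "role") if k in claims}
    return issue_token(RESOURCE_KEY, RESOURCE_ISSUER, APP_AUDIENCE, local_claims, now)


def demo(now=1_700_000_000):
    """Run the whole flow once; the application sees claims, never a password."""
    # Account side: the user has already authenticated against the local directory.
    partner_token = issue_token(ACCOUNT_KEY, ACCOUNT_ISSUER, RESOURCE_ISSUER,
                                {"upn": "alice@account.example", "role": "reader"}, now)
    app_token = resource_sts_exchange(partner_token, now)
    return validate_token(app_token, RESOURCE_KEY, RESOURCE_ISSUER, APP_AUDIENCE, now)
```

The resource side rejects a token whose signature, issuer, audience or expiry does not match the configured trust, which is the check that replaces a shared user database.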