Azure AD Application Proxy now with native Tableau support
Hi Everyone,
We’ve heard feedback that you’ve wanted a more streamlined setup for Tableau using Azure AD Application proxy. Today, we are happy to announce that Application Proxy now natively supports Tableau. There are no longer any additional configuration steps required for using it with Application Proxy. We’ve done this by updating our pre-authentication protocol from OpenID Connect protocol to the OAuth 2.0 Code Grant protocol. The switch to the OAuth 2.0 Code Grant protocol also allows Application Proxy to better support more modern applications by only using HTTP redirects that are commonly supported in JavaScript and HTML tags.
How to get started
Newly configured applications for Azure AD Application Proxy will use the updated protocol and behave as expected. Existing applications will not be affected by this change. If you have existing applications that are experiencing problems related to OpenID Connect, such as a broken sign-in experience or expired authentication connection, you will need to update your applications to the new protocol. Follow the steps below to update your application. These steps are necessary to ensure our system updates your existing application to use the OAuth 2.0 Code Grant protocol:
- Sign in to the Azure portal.
- Navigate to Azure Active Directory > Enterprise applications > All applications.
- Select the app you would like to update.
- Temporarily change the Backend Application Timeout setting (or any other setting you would prefer) to be able to trigger a Save. Select Save.
- Note: Although you are changing a property on the application, this will not effect end user access negatively and is safe to perform in a production environment.
- Then change back the Backend Application Timeout to your original setting.
- Select Save. Your application will now be updated to the new protocol.
You can also trigger this update via PowerShell using the following snippet as an example:
$objectId = (Get-AzureAdApplication -SearchString «application_name«).ObjectId
$originalTimeout = (Get-AzureADApplicationProxyApplication -ObjectId $objectId).ApplicationServerTimeout
if ($originalTimeout -eq ‘Default’) {$newTimeout = ‘Long’} else {$newTimeout = ‘Default’}
Set-AzureADApplicationProxyApplication -ObjectId $objectId -ApplicationServerTimeout $newTimeout
Set-AzureADApplicationProxyApplication -ObjectId $objectId -ApplicationServerTimeout $originalTimeout
Note: Replace application_name with the name of your application to fetch the correct ObjectId
We’re excited to release this new functionality, and would love any feedback or suggestions you have to provide! Please send us a note at aadapfeedback@microsoft.com, where we’ll be more than happy to help.
Best,
Jasmine Perez
Program Manager