How does an application validate the authenticated token from Azure Active Directory?

DEEPAK KUMPALA 191 Reputation points
2020-12-14T04:31:38.627+00:00

I have an application which is sitting behind a WAF (Web Application Firewall).

The application is using Microsoft Active Directory for authentication.

Here are the steps:

  1. The user tries to access the application using the browser.
  2. The WAF layer sees that the request is not authenticated, hence forwards it to Azure Active Directory.
  3. AAD shows the login page and the user enters username/password/MFA.
  4. Now the token from AAD is sent back to the browser, and it will be sent to the backend application.

Now the question is: how does the backend application verify this token? Does it need an outbound connection to AAD, or will it talk to AAD through the WAF and browser?
Do I need to have NSG rules (outbound) to talk with AAD?


Accepted answer
2020-12-14T23:55:19.273+00:00

Hello, your backend application or API will need to be able to reach AAD in order to validate the access token. If you use an NSG you can add an outbound rule with Destination set to "Service Tag" and the destination service tag set to "Azure Active Directory".

Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.


1 additional answer

DEEPAK KUMPALA 191 Reputation points
2020-12-16T09:12:33.62+00:00

    Thanks alfredorevilla-msft for understanding my question.

Could you share some links on how to set up service tags?
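The outbound rule the accepted answer describes, and the follow-up asks how to set up, written out with the Az PowerShell module as an added example (not code from the answerer). It assumes an NSG named `app-nsg` in resource group `app-rg` (both placeholders) attached to the backend subnet, and uses the `AzureActiveDirectory` service tag.

```powershell
# Added example: let the backend subnet reach Azure AD (OpenID metadata, signing keys,
# token validation) over HTTPS and deny all other outbound Internet traffic.
# 'app-rg' and 'app-nsg' are assumed placeholder names, not taken from the question.
$rg  = 'app-rg'
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name 'app-nsg'

# Allow outbound TCP/443 to the Azure AD service tag. Microsoft maintains the tag's
# address ranges, so the rule keeps working when AAD endpoints change IPs.
$nsg | Add-AzNetworkSecurityRuleConfig `
    -Name 'Allow-AAD-Outbound' `
    -Description 'Backend -> Azure AD for token validation' `
    -Direction Outbound -Access Allow -Priority 100 `
    -Protocol Tcp `
    -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
    -DestinationAddressPrefix AzureActiveDirectory -DestinationPortRange 443 | Out-Null

# The NSG default rules already allow all outbound Internet traffic, so the allow rule
# above only restricts anything when a lower-priority (higher number) deny rule exists.
$nsg | Add-AzNetworkSecurityRuleConfig `
    -Name 'Deny-Internet-Outbound' `
    -Description 'Block all other outbound Internet traffic' `
    -Direction Outbound -Access Deny -Priority 4000 `
    -Protocol '*' `
    -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
    -DestinationAddressPrefix Internet -DestinationPortRange '*' | Out-Null

# Commit both rules to Azure, then list the effective outbound rules for review.
$nsg = $nsg | Set-AzNetworkSecurityGroup
$nsg.SecurityRules | Where-Object Direction -eq 'Outbound' |
    Select-Object Name, Priority, Access, DestinationAddressPrefix, DestinationPortRange
```

If the backend also needs other outbound destinations (for example Azure Monitor or package updates), add allow rules for their service tags at priorities between 100 and 4000 so the deny rule does not break them.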

