VMware Workspace ONE Community
ShannonSnyder

Per-App VPN and ADFS Redirect

I have deployed the VMware Tunnel and UAG where, when using Safari, I can successfully have an internal site use the tunnel to connect without issue. I can also connect to O365 (OWA), where the authentication uses an internal ADFS redirect.

When I try to apply this same concept using a per-app VPN, my ADFS redirects appear to fail. I have validated that the device has the VPN configuration where the app is listed for use. For example, I configure MS Authenticator to use the tunnel when accessing adfs.company.com. I launch Outlook, enter a username, and am prompted to open Authenticator, after which I see the 'VPN' icon at the top of the device pop up as it attempts to use the tunnel to communicate with internal ADFS, but then I immediately get a failure prompt from Authenticator stating that I must be connected to the internet.

Any advice as to why when using MS Authenticator, my ADFS redirects fail to connect over the Tunnel?

Thanks in advance,

Shannon

v_danny

I ran into the same issue previously. The MS Authenticator app was trying to get to URLs out on the internet that my Tunnel server didn’t have access to. 

Easiest workaround is to add a Device Traffic Rule for the MS Authenticator App to only tunnel in your ADFS URL. This will allow all the other domains to bypass the tunnel and go through the Internet to reach their destination.

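To make the split-tunnel workaround in the reply above concrete, here is an added example that is not part of the thread and not VMware's code. It models destination-based per-app traffic rules for a single app: with no rule and a tunnel-everything default, every hostname the Authenticator app contacts is forced through the tunnel, including public Microsoft endpoints the tunnel server cannot reach; with one rule that tunnels only the ADFS hostname and a bypass default, only adfs.company.com goes through the tunnel. The rule shape, first-match-wins evaluation, wildcard matching and the Authenticator bundle identifier are assumptions made for the example, not the product's actual semantics.

```python
"""Simplified model of per-app VPN destination traffic rules.

Constructed example: not the Workspace ONE Tunnel rule engine. Rule fields,
matching order and the bundle identifier below are assumptions.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List
from urllib.parse import urlparse

TUNNEL = "TUNNEL"
BYPASS = "BYPASS"


@dataclass(frozen=True)
class TrafficRule:
    app_id: str       # bundle id the rule applies to, or "*" for any app
    destination: str  # hostname pattern, e.g. "adfs.company.com" or "*.company.com"
    action: str       # TUNNEL or BYPASS


def hostname_of(url: str) -> str:
    """Extract the lowercase hostname; reject URLs without one."""
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"URL has no hostname: {url}")
    return host.lower()


def decide(rules: List[TrafficRule], app_id: str, url: str, default: str = BYPASS) -> str:
    """Return TUNNEL or BYPASS for one flow; first matching rule wins (assumed)."""
    host = hostname_of(url)
    for rule in rules:
        if rule.app_id not in ("*", app_id):
            continue
        if fnmatch(host, rule.destination.lower()):
            return rule.action
    return default


def classify_flows(rules: List[TrafficRule], app_id: str, urls: List[str],
                   default: str = BYPASS) -> Dict[str, str]:
    """Map each URL an app contacts to the path it would take."""
    return {url: decide(rules, app_id, url, default) for url in urls}


# Assumed bundle id for Microsoft Authenticator on iOS (example value).
AUTHENTICATOR = "com.microsoft.azureauthenticator"

# Constructed sample of endpoints a sign-in via Authenticator might touch:
# the internal ADFS endpoint plus public endpoints the tunnel server cannot reach.
SAMPLE_URLS = [
    "https://adfs.company.com/adfs/ls/",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://graph.microsoft.com/v1.0/me",
]

# Weak setting: no per-destination rule, whole app forced through the tunnel.
RULES_ALL_TUNNEL: List[TrafficRule] = []

# Corrected setting: only the ADFS hostname is tunneled, everything else bypasses.
RULES_SPLIT: List[TrafficRule] = [
    TrafficRule(AUTHENTICATOR, "adfs.company.com", TUNNEL),
]

if __name__ == "__main__":
    for name, rules, default in (("all-tunnel", RULES_ALL_TUNNEL, TUNNEL),
                                 ("split", RULES_SPLIT, BYPASS)):
        print(name)
        for url, action in classify_flows(rules, AUTHENTICATOR, SAMPLE_URLS, default).items():
            print(f"  {action:6} {url}")
```

Running it prints the two rule sets side by side: under the all-tunnel default every public Microsoft endpoint is marked TUNNEL, which is the failure mode the reply describes, while the split rule set tunnels only adfs.company.com and lets the rest go out directly.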
ShannonSnyder

Thanks, but I'm only tunneling my internal domain. Nothing else is using the tunnel.

Shannon
