Hi,
We have implemented Azure Entra Application Proxy in the environment together with Business Central to authenticate Entra ID users logging in via the External URL from the Internet.
Azure App Proxy settings:
Internal Url: https://PrivateUrl:8443/
External Url: https://PublicUrl/
Redirect URI: https://<PublicUrl/ApplicationPage>/SignIn
Business Central (BC) uses the below KB article to change the authentication point to Azure Entra ID and the application registered in Azure:
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory?tabs=singletenant%2Cadmintool
The redirect URL in the Business Central (BC) application is also set to the Public URL to match the Redirect URI in the Azure App, based on Task 4 of the above KB article:
/https://login.microsoftonline.com/<EntraTenant>/wsfed?wa=wsignin1.0%26wtrealm=https://<PublicUrl>%26wreply=https://<PublicUrl/ApplicationPage>/SignIn/
However, when accessing the External URL from the Internet, it's getting redirected to the Private URL of the Appl with Error: AADSTS50011
When we add this Private URL 'https://PrivateURL:8443/ApplicaitonPage/SignIn' to the Azure Redirect URI page, it works fine when connecting from the internal network, as the private URL resolves in DNS and the authentication to Business Central using an Entra ID user is successful. But it fails when connecting from the public network, as the Private URL is not resolvable on the Internet.
Based on the below AADSTS50011 KB from Microsoft, it's due to the Reply URL that is triggered from the Business Central application.
Please advise on the BC configuration required so that the Reply URL from BC is the Public URL instead of the Private URL. Thanks
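
One way to confirm which reply URL actually reaches Entra ID, as an added example that is not part of the original post: it extracts `wreply` from the configured WS-Federation endpoint and from the sign-in request captured in the browser, then compares each with the registered redirect URIs. The host names, tenant GUID, `/BC/SignIn` path and function names are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample values (assumptions, not taken from the post).
TENANT = "00000000-0000-0000-0000-000000000000"
REGISTERED = ["https://bc.example.com/BC/SignIn"]  # redirect URIs on the app registration
CONFIGURED = (f"https://login.microsoftonline.com/{TENANT}/wsfed?wa=wsignin1.0"
              "%26wtrealm=https://bc.example.com"
              "%26wreply=https://bc.example.com/BC/SignIn")
OBSERVED = (f"https://login.microsoftonline.com/{TENANT}/wsfed?wa=wsignin1.0"
            "&wtrealm=https%3A%2F%2Fbc.example.com"
            "&wreply=https%3A%2F%2Fbcserver.corp.internal%3A8443%2FBC%2FSignIn")


def wsfed_params(login_url):
    """Return the WS-Federation query parameters of a sign-in URL."""
    query = urlsplit(login_url).query
    # The configured endpoint writes the separator as %26; a browser request uses '&'.
    if "&" not in query:
        query = query.replace("%26", "&")
    return {name: values[0] for name, values in parse_qs(query).items()}


def check_reply_url(login_url, registered_uris, external_host):
    """Report whether the wreply in login_url can satisfy the app registration."""
    wreply = wsfed_params(login_url).get("wreply", "")
    host = urlsplit(wreply).hostname
    return {
        "wreply": wreply,
        # Exact string comparison is a simplification of Entra ID's matching.
        "registered": wreply in registered_uris,
        "external_host": host == external_host,
    }


if __name__ == "__main__":
    for label, url in (("configured", CONFIGURED), ("observed", OBSERVED)):
        print(label, check_reply_url(url, REGISTERED, "bc.example.com"))
```

If the observed request carries the private host in `wreply` while the configured endpoint carries the public one, the value is being produced by the application or rewritten in transit rather than read from that setting.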