Azure App Proxy Setup for On-Prem Orchestrator – Identity Redirect Issue

Hi UiPath Community,

We’re in the process of publishing our on-premises UiPath Orchestrator using Azure Application Proxy. The proxy is configured and working in general, but we’re running into issues with Identity and URL redirection, especially when it comes to login and authentication redirections via Microsoft Entra ID.

Setup Details:

  • UiPath Orchestrator: On-prem version
  • Microsoft Entra ID: Used for authentication
  • Azure Application Proxy: Set up with a connector and external URL
  • Internal URL: e.g., https://server.local
  • External URL via Azure App Proxy: e.g., https://orchestrator.msappproxy.net

Issue:

  • After navigating to the external URL and signing in via Microsoft Entra, the redirection either:
    • Redirects back to the internal URL (which isn’t reachable externally),
    • Or results in an error page status #200.

Questions:

  1. Are there specific configurations needed on Orchestrator’s side to support Azure App Proxy?
  2. Is it possible to use Azure App Proxy with an on-prem Orchestrator that uses Microsoft Entra?

Any guidance, working examples, or official documentation references would be greatly appreciated!

Thanks in advance!

Hi @Zoltan

Please check out the links below; they might be helpful:

OR

If helpful, mark as solution. Happy automation with UiPath!

Thanks for the reply and advice.

The Azure Application Proxy is functioning correctly, as I can access the external link (https://company.msappproxy.net/identity), log in successfully, and the Identity page displays as expected.

Let me explain some of the issues as I see it:

If I access the main external link without /identity, https://company.msappproxy.net, then this error page (route back to the internal link) displays: https://local.server.intern/identity/?errorCode=invalid_request&errorId=…

When I access the external link directly with /identity: https://company.msappproxy.net/identity the page loads and I can log in with my credentials:


After logging in, the Identity Management page is displayed:

When hovering over Orchestrator, it shows the internal link

After clicking it, the page fails to load because it redirects to the internal URL: https://local.server.intern. The same happens when clicking Management: even though the URL displayed on hover is https://company.msappproxy.net/identity/management, it still tries to route to the internal address and fails outside the VPN.

What I would like to achieve is the following:

Basically, this is the setup I would like to implement—if it’s possible. However, I haven’t been able to find any resources that clearly explain how to configure this.
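
One way to pinpoint where the internal hostname enters the redirect chain described in this thread, as an added example that is not part of any post and not UiPath or Microsoft code: it scans recorded redirect hops for the internal host, both in the `Location` header itself and inside URL-valued query parameters. The hop list is constructed sample data, and the `/identity/login` path and `returnUrl` parameter name are hypothetical stand-ins.

```python
from urllib.parse import urlsplit, parse_qsl

INTERNAL_HOST = "local.server.intern"  # internal host named in the thread

# Constructed sample: (requested URL, status, Location header or None).
# In practice, copy these from the browser's network tab.
SAMPLE_HOPS = [
    ("https://company.msappproxy.net/", 302,
     "https://company.msappproxy.net/identity/login"
     "?returnUrl=https%3A%2F%2Flocal.server.intern%2F"),
    ("https://company.msappproxy.net/identity/login", 302,
     "https://local.server.intern/identity/?errorCode=invalid_request"),
    ("https://company.msappproxy.net/identity", 302, "/identity/management"),
    ("https://company.msappproxy.net/identity/management", 200, None),
]


def hosts_in_url(url):
    """Return (where, host) pairs: the URL's own host, plus the host of any
    query-string value that is itself an absolute http(s) URL."""
    parts = urlsplit(url)
    found = []
    if parts.hostname:
        found.append(("location", parts.hostname.lower()))
    # parse_qsl percent-decodes values, so encoded return URLs are caught too.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            found.append((key, inner.hostname.lower()))
    return found


def find_internal_leaks(hops, internal_host=INTERNAL_HOST):
    """Return (hop index, requested host, where) for every redirect that
    names the internal host. Relative Location values carry no host and
    are therefore never flagged."""
    findings = []
    for index, (requested, status, location) in enumerate(hops):
        if not (300 <= status < 400) or not location:
            continue
        for where, host in hosts_in_url(location):
            if host == internal_host.lower():
                findings.append((index, urlsplit(requested).hostname, where))
    return findings


if __name__ == "__main__":
    for hop, asked, where in find_internal_leaks(SAMPLE_HOPS):
        print(f"hop {hop}: request to {asked} leaks internal host via {where}")
```

The earliest flagged hop shows whether the internal host first appears in a redirect target or in a parameter handed along the chain, which narrows down which component is building URLs from the internal address.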