We use universal dashboard combined with Azure Application Proxy to deploy dashboards in customer environments and have a firewall-friendly way to access them. Currently, we provision it in passthrough mode and then do the Azure AD authentication at the universal level, but this is not ideal.
Since Azure AD now supports header based authentication: Header-based single sign-on for on-premises apps with Azure AD App Proxy | Microsoft Docs
Is it possible to configure the authentication.ps1 to not prompt for forms login but instead check if certain headers are present in the request and use those for username, role, etc.?
If so then I can do the auth at the Azure AD Proxy level and then just passthrough the requisite information of the already-authenticated user to the dashboard for a cleaner single sign on.
I’d be OK with a shared token provided in bearer or something too, but my understanding that only works for rest APIs and not dashboards.
Product: PowerShell Universal
Version: 1.4.6