12. Authentication Manager Settings

Requirements for Identity Provider Integration with PROXY Pro

PROXY Pro RAS v11.0 includes a new Authentication Manager component (formerly known as the Proxy Identity Manager in v10) that centralizes all authentication and directory search logic for the Server product (Web Console and Gateway Server). In v10.0, the built-in integrations are:

Computer directory services via Active Directory lookup (for Host Grouping by AD OU)
User directory services (user accounts and user groups) via:
Active Directory lookup for local accounts
Microsoft Graph API (https://graph.windows.net) for Azure AD accounts
User authentication via:
Win32 “LogonUser” call for local accounts
Entra ID authentication via OpenID Connect (https://login.microsoftonline.com/domain/).

OpenID Connect Assumptions/Requirements

PROXY Pro v10.0 and newer requires the following information from an OIDC provider:

PROXY Pro usage	OIDC Claims (in order examined)
Id (unique account ID)	sub, oid
Account Name	upn, unique_name
Friendly Name (optional)	name
Email Address (optional)	email
Group Membership	groups

In v11.0 first release, the OpenID Connect integration assumes that the integration is with Microsoft Entra ID. When this is generalized, the following parameters will be configurable:

Parameter	Entra ID Example
OIDC Root URL	https://login.microsoftonline.com/
Domain Name	In Entra ID case, DNS name of domain, e.g. “proxynetworks.com”, appended to OIDC Root URL (e.g. https://login.microsoftonline.com/proxynetworks.com/).
Client ID	Now called “Application ID” in Entra, identifies the PROXY Pro Server application instance
Application Key	Now called “Password” in Entra, allows application instance to authenticate to Azure services

The contents of 12. Authentication Manager Settings

Authentication Manager Settings