Remote Single Sign-on to On-premises Applications

Migrating business applications to the cloud can improve application scalability and access, and reduce the burden on IT for delivery, maintenance and upgrades. But, some applications may need to stay on premises. Accessing these applications from outside the network has typically required VPN access.

Consider the following options for cloud vs. on-premises applications:

  • Keep applications on-premises
    Some applications may need to remain on-premises indefinitely behind your firewall for security and compliance reasons. Or, there are simply too many customizations built into the on-premises app to consider migrating it to the cloud.
  • Migrate applications to the cloud in the future, but keep it on-premises for now
    Some applications (like Office 365) benefit from a hybrid deployment; some components (like e-mail) are migrated to the cloud, and other components like SharePoint may remain hosted on premises.
  • Hybrid: Expand capacity into the cloud application, while maintaining core functionality on-premises
    SharePoint Server on-premises is a good example where more complex and customized functionality, and legacy data stores, may preclude complete cutover to the cloud. However, for wider accessibility and isolation from in-house resources, it may make sense to expand future capacity into new SharePoint Online sites or document libraries.
cloud solutions

SSO with VPN creates more hassle

Any web application — whether in the cloud or on-premises — can be enabled for secure single sign-on (SSO) either through federation standards like SAML or WS-Fed, or through stored username and password. Some Identity-as a-Service providers offer SSO to on-premises apps, but require a VPN connection. Depending on the type of VPN, you can get reliable yet unrestricted access to the entire network, or app-specific access with less reliable connectivity.

SSO with Centrify App Gateway is hassle-free, VPN-free, and worry-free

At Centrify, we considered ease of use, security, and the concept of least privilege access when we developed the App Gateway. Setup is easy, without the hassles of VPN. End users gain remote SSO only those apps enabled by IT, not the entire network. App Gateway is available as a premium feature through the Centrify Identity Service App+ Edition.

Key Benefits


  • Encrypted, secure remote connections to on-premises applications
  • No additional ports opened in firewall
  • Visibility and reporting on app access, usage, failed logins and more
  • Automatic redundancy and failover


  • No need to install and configure VPN
  • One-click or one-tap access to on-premises applications like Microsoft SharePoint, SAP, JIRA
  • Secure SSO using SAML, WS-Fed or Username/Password
  • Works with any device, including mobile