We use PasswordState for both IT and staff with SAML auth through O365.
Desktop access works seamlessly to the PasswordState server (or load balancer), via the Microsoft proxy once users have a valid O365 session meeting a number of conditional access requirements
However with mobile access this isn't quite as seamless, the mobile app requires the application gateway which needs to be publicly accessible and cant be put through the MS proxy as the app doesn't seem to support the extra authentication requirements here. This creates an opening in our firewalls we would rather avoid. We would rather not present anything publicly and use the MS reverse proxy which allows us more granular control of security on user authentication (behavioural analysis and MFA) and is maintained by Microsoft to authenticate the user and pass the website back to their device once authenticated
We do this with a number of other internal systems however because of the application gateway requirement for mobile access with PasswordState, this isn't an option currently.
Would it be possible to consider a more robust approach with access to PasswordState where offloading authentication and proxying is possible (in this case with Microsfot) ?
