When proxy is enabled, sites with AzureAD SSO stop authenticating

When enabling proxy on a webiste, some sites confgigured to SSO/SAML with AzureAD fail.
Suspect that the the AzureAD pass back to the proxied site is intercepted and the site doesn’t load the page.

Is there a best practice or preferred configuration on not intercepting or bypassing SSO workflow?