Forum Discussion
APM Edge client logout when revoking user from AzureAD/MS Entra
In F5 APM , there's a feature called "Session Lifetime" that controls how long a user's session can be active. However, this feature is based on a defined time interval, not on changes in a user's status in AzureAD. This means that if a user is removed or revoked from AzureAD, their active session will not be immediately terminated but will continue until the session lifetime expires.
For the kind of real-time revocation you're looking for, the F5 APM would need the ability to query AzureAD in real-time to check the status of a user, which to the best of my knowledge, isn't a built-in feature.
However, you might be able to achieve something similar by implementing a custom solution involving AzureAD's API and F5 iRules or using a third-party identity management solution that supports real-time revocation.
As for the Edge Client, it has features for checking system parameters like antivirus status, but I'm not aware of it having a built-in feature for real-time checking of a user's status in AzureAD.
- Frank_ten_WoldeOct 09, 2023Nimbostratus
Exactly my thought as well. Perhaps there is a way to have something updated in the registry, based on the AzureAD state of the user. Then, we can use a client (ongoing) registry check to validate the session.
I will have to think about this. In the meantime, if anyone has a bright idea :-)...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com