APM Integration with Azure AD for MFA

Question

Hi All,I have integrated my BIG-IP APM to Azure AD SAML Auth and the authetication to Azure AD works well.&nbsp;I have set the SAML Auth Force Authentication to Enable and everytime the user login to VPN it keeps on prompting for both Credential (Username and Password) and MS Authenticator PIN.If I set the&nbsp;SAML Auth Force Authentication to Use AAA Server settings, the Azure Portal Appear to select the username without asking for MS Authenticator.Is there a way to configure either on Azure AS or APM where in when user authenticate it will only prompt for MS Authenticator PIN and allows the Credential (Username and Password) to follow the AAA Server settings which Single Sign On to machine?&nbsp;This will help to improve the user experience to lessen the time frame when authenticating.&nbsp;Thanks in Advance.&nbsp;

nikoolayy1 · Answer

just for MFA maybe see https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension and use NPS server on-prem that will talk with the Azure AD and your F5 APM. Also you can test https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone but I have not done this myself.

liefzimmerman · Answer

jessperbaylon&nbsp;- If your post was solved it would be helpful to the community to select *Accept As Solution*.This helps future readers find answers more quickly and confirms the efforts of those who helped.Thanks for being part of our community.Lief

Forum Discussion

APM Integration with Azure AD for MFA

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Integrating the F5 BIGIP with Azure Sentinel

BIG-IP integration with Azure Gateway Load Balancer

Integration of Azure Sentinel and F5 BIG-IP using TS and AS3

Azure Active Directory and BIG-IP APM Integration

NGINXaaS for Azure: Azure Key Vault