Azure MFA service integration with APM
Hi,
Do I need to have an Azure MFA RADIUS Server on-prem to implement MFA with my APM? Can't I use the default Azure MFA service that comes with my Azure AD? On Azure AD, I could just tick boxes to choose which of my users should use MFA and for what applications. Can I do this for F5 too?
- Pistle (Nimbostratus)
RADIUS is a standard protocol to accept authentication requests and to process those requests. The Azure Multi-Factor Authentication Server can act as a RADIUS server. Insert it between your RADIUS client (VPN appliance) and your authentication target to add two-step verification. Your authentication target could be Active Directory, an LDAP directory, or another RADIUS server. For Azure Multi-Factor Authentication (MFA) to function, you must configure the Azure MFA Server so that it can communicate with both the client servers and the authentication target. The Azure MFA Server accepts requests from a RADIUS client, validates credentials against the authentication target, adds Azure Multi-Factor Authentication, and sends a response back to the RADIUS client. The authentication request only succeeds if both the primary authentication and the Azure Multi-Factor Authentication succeed. I would recommend referring to Managed Azure Services to get more details about the Azure services.
Best regards
- Oreoluwa (Altocumulus)
Thank you Pistle
While RADIUS is an option, it is also possible to do this more natively:
https://devcentral.f5.com/s/articles/Azure-Active-Directory-and-BIG-IP-APM-Integration
The world is moving more and more to SAML for authentication. It sure is possible to set up a RADIUS server in Azure, but why not give the native authentication method a try?
- Oreoluwa (Altocumulus)
Hi Boneyard, I eventually used SAML and it worked for the authentication. However, there was a new hurdle: portal access for Azure user groups using SAML attributes. I am not sure how to go about this. Could you help please?
It has been a while, but I got this worked out some time ago.
Within the Azure Enterprise Application you have the option to return SAML attributes; Azure calls them claims. There you can return, for example, groups, which you can filter on at the APM level as with AD group attributes.
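
The groups claim mentioned in the last reply, as it appears inside a SAML assertion, together with an exact-match, default-deny mapping from group to portal resource. This is an added example, not part of the original thread and not F5 or Microsoft code. The sample assertion, group IDs and resource names are constructed; the claim name is the one Azure AD uses for groups, and the assertion's signature is assumed to have been validated already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed mapping: Azure AD group object ID -> portal resources (hypothetical names).
GROUP_TO_RESOURCES = {
    "11111111-1111-1111-1111-111111111111": {"hr-portal"},
    "22222222-2222-2222-2222-222222222222": {"finance-portal", "hr-portal"},
}

# Constructed sample: the user is in one mapped group and one unmapped group.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>99999999-9999-9999-9999-999999999999</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def group_ids(assertion_xml: str) -> set[str]:
    """Return every value of the groups claim, normalised to lower case."""
    root = ET.fromstring(assertion_xml.strip())
    ids = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != GROUPS_CLAIM:
            continue
        # The claim is multi-valued: one AttributeValue per group.
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                ids.add(value.text.strip().lower())
    return ids


def allowed_resources(assertion_xml: str) -> set[str]:
    """Map group IDs to resources by exact match; unknown or missing groups grant nothing."""
    allowed = set()
    for gid in group_ids(assertion_xml):
        allowed |= GROUP_TO_RESOURCES.get(gid, set())
    return allowed


if __name__ == "__main__":
    print(sorted(allowed_resources(SAMPLE_ASSERTION)))
```

Matching on the full group identifier rather than a substring avoids one group's value accidentally satisfying a rule written for another.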