For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

THi_89722's avatar
THi_89722
Icon for Nimbostratus rankNimbostratus
Oct 12, 2015

BIG-IP with APM federation to O365 / Azure AD Connect requiring Web Application Proxy - can we do without WAP?

Hi   A customer has new AD/ADFS 3.0 infra and wants federation to Office 365. This can be done with BIG-IP LTM+APM replacing the ADFS proxies. There is a deployment guide and iApp for ADFS support...
BIG-IP Access Policy Manager (APM)
cloud
deployment
microsoft
security
houstonrob_1173's avatar
houstonrob_1173
Icon for Nimbostratus rankNimbostratus
Oct 13, 2016

I know this is a year old article but I was curious if you ever figured this out. We are looking at using APM instead of ADFS Proxy servers but our Windows admin says the WAP role is required. Is this something that APM can also replace?

 

Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Oct 18, 2016

I am confused - if you are setting up ADFS proxy, then I presume it is for external/remote users, correct? If so, why would you want them to be logged in automatically? Are you saying that you only allow remote access from domain-joined machines? You can try to setup NTLM authentication on the APM policy to avoid the login page, but then you also need to have login page for non-domain-joined devices, right?

 

Check out this article and let me know if it makes sense.

 

https://devcentral.f5.com/articles/leveraging-big-ip-apm-for-seamless-client-ntlm-authentication