F5 APM Conditional Access using Airwatch Integration

• Case:

   

  • Implement a APM solution as a SAML idp using multiple SP's and configure conditional access integration with Airwatch.

• Current Configuration:

   

• F5 OS 12.1.1 Build 184
• F5 APM implemented for Office365 using iApp
• F5 APM configured as SAML idp with Office365 and Airwatch

• F5 APM configured with Airwatch using REST API - https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-client-configuration-12-0-0/7.html

   

• Issue:

   

• After configuring APM Policy using VPE to check device compliance status, I receive an error stating the "Device ID was not found in session variables".

After speaking with my F5 SE he stated that I needed to deploy the F5 Edge Client in order for the Device ID's to be populated in the session. He also stated that I would need the F5 Edge Client to establish a VPN connection with the client session. He reference this link, https://f5.com/Portals/1/Premium/Architectures/RA-Enterprise-Mobility-Gateway-Recommended-Practices.pdf

 

After reviewing this doc, I am not clear as to whether I need to create and configure the CA section or not. I already have a clientssl cert and key on my VS from the Office365 configuration. I am not sure of the impact to my current configuration if I modify the current VS.

 

• Question:
• Would it be best to configure another VS to handle this function? And if so how do how would I pass the session parameters from one VS to another? Is this even possible?