For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jessperbaylon's avatar
jessperbaylon
Icon for Nimbostratus rankNimbostratus
Aug 08, 2023

F5 BIG-IP APM Integrated to Azure AD for User

I have integrated my BIG-IP APM to Azure AD using Service Provider SAML and it seems it is working well, but when user logout/disconnected to VPN and reconnect back, it is no longer asking for the MS...
application delivery
cloud
AubreyKingF5's avatar
AubreyKingF5
Icon for Moderator rankModerator
Aug 08, 2023

I used to do this with an LB_DETACH in an iRule against my LDAP servers. Not sure it would work here. You have APM logs from these sessions? Try a logout on a test VIP, identical to this one (standby units are great for this sort of thing, btw, so as to not interrupt prod traffic), jack up the logging on it and see what it tells you about your individual logout.

  • jessperbaylon's avatar
    jessperbaylon
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2023

    HI Aubrey,

    I have managed to make it to work using a force authentication (Enabled). The challenge here is that users keeps on entering the username and password + MS Authenticator PIN every time user login to VPN.

    Is there a way, that I can set the Force Authentication as Use AAA Server Settings (which is a single sign on) but will still prompt for MS Authenticator?