Forum Discussion

Nimbostratus

Aug 08, 2023

F5 BIG-IP APM Integrated to Azure AD for User

I have integrated my BIG-IP APM to Azure AD using Service Provider SAML and it seems it is working well, but when user logout/disconnected to VPN and reconnect back, it is no longer asking for the MS...

application delivery

cloud

jessperbaylon

Nimbostratus

Aug 13, 2023

HI Aubrey,

I have managed to make it to work using a force authentication (Enabled). The challenge here is that users keeps on entering the username and password + MS Authenticator PIN every time user login to VPN.

Is there a way, that I can set the Force Authentication as Use AAA Server Settings (which is a single sign on) but will still prompt for MS Authenticator?

Nikoolayy1

MVP

Aug 13, 2023

Maybe try playing with microsoft conditional access and MFA as Azure AD is selecting when to again ask users for MFA. Maybe if this "Allow users to remember multi-factor authentication on devices" is dissabled:

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/recommendation-mfa-from-known-devices

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)