Forum Discussion
How to authenticate local application users against Office365/Azure AD using APM?
Hi,
I have a customer who wants to authenticate users before letting them access a local application. The problem here is that they want to authenticate these users against Office365/Azure AD (using Office365 account credentials), because the local AD is not synchronized with Azure AD and they don't want to synchronize one with the other. Updated users are in Office365. I know that this can be accomplished with ADFS, but the customer wants to use some additional features from APM, like IP Geolocation, CAPTCHA, OTP...
The process is as follows:
1. The user accesses the application URL owned by the APM (e.g. https://myAPP.com).
2. APM validates the user's source IP with IP Geolocation.
3. If the user comes from an allowed country, a logon page is presented with username and password fields.
4. APM authenticates the user against Office365/Azure AD as AAA Server.
5. If authentication is successful, APM lets the user access the Web Application using a rewriting profile.
How can I configure APM to authenticate users using Azure AD as the AAA server? Is it possible? I looked in DevCentral for any solution using SAML, but when APM is the IdP, all the solutions use a local AD for authentication, and in my case the AD is Office365/Azure AD. Can anybody help me?
Thank you in advance, Sergio
4 Replies
- Michael_Koyfman
Cirrocumulus
Sergio,
There are a number of ways this can be done. The easiest one that the customer can deploy today is setting up Azure AD Application Access and treating the APM application as the SP. More details about it here:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/get-started-with-the-azure-ad-application-gallery
In the future, with v13.0, we'll support OAuth, which is another way you can get authentication for your app.
- sercacor
Nimbostratus
Thank you very much, Michael. This information was so useful.