Integrating Azure MFA and BIGIP

Question

Hi All
I have F5 on DC the customer have AzurMFA service 
I need Integrating that AzurMFA be the second factor with AzurPhone APP for Access to Aplication
I read this article ";&nbsp;
but I have a little different scenario I have only BIGIP on-premises 
 I see i need create a tunnel between BIGIP and Azure 
 what i need to do in VPE ?&nbsp;

youssef1 · Answer

Hi Igor,&nbsp;
You want to use MFA provide by microsoft (Phone, SMS, or Mobile App) for Strong auth.&nbsp;
So if you want to use this functionnality you have to an "AAA servers" and as you know, this resource is outside your internal network.&nbsp;
So you have to allow your Radius client to communicate with "cloud-based Azure Multi-Factor Authentication". From your F5 internel and "cloud-based Azure Multi-Factor Authentication".&nbsp;
Microsoft allow you to secure you communication (source IP based) and Ipsec (but i never tested it...), you have multiple choice for secure this channel. When you will setup your service you can select what you want for communication between radius services and your client (F5).&nbsp;
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension&nbsp;
Let me know how i can help you.&nbsp;
regards,&nbsp;

Forum Discussion

Integrating Azure MFA and BIGIP

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Related Content

Integrating the F5 BIGIP with Azure Sentinel

BIG-IP integration with Azure Gateway Load Balancer

Azure Active Directory and BIG-IP APM Integration

Integration of Azure Sentinel and F5 BIG-IP using TS and AS3

Yubikey Authentication Modes and Azure AD integration via the APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS