SSO with Salesforce using Big-IP APM

Question

Current configuration: Big-IP APM is configured as an IDP to control access and SSO into Salesforce.&nbsp;
Could Big-IP APM be configured to recognize a user's login into Windows (Active Directory)? &nbsp;
The requirement is to access Salesforce without being prompted for an id and password after logging
into the enterprise network.&nbsp;
Please let me know if this is possible.&nbsp;
Thanks.&nbsp;

joshbecigneul · Answer

Yes, this should be possible. You would need to use a Kerberos AAA config to authenticate users that are using domain-attached workstations or laptops. This is one guide that describes the process: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/9.htmlconceptid&nbsp;
Depending on your access requirements, you may wish to use a separate VS for "internal" users if you are running any other services for external use. The Kerberos process can fall back on HTTP Basic authentication, but to me, that looks a tad ugly if I can use a Logon page instead.&nbsp;

Forum Discussion

SSO with Salesforce using Big-IP APM

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Question about adding VEs to existing physical appliance device group without ASM licenses

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

What is the best practice for migrating from iseries to rseries?

BIG-IP i11000 – License compatibility with TMOS versions above 14.1.2 and Web GUI inaccessible

Related Content

Using AWS CloudHSM with F5 BIG-IP

Agentic AI with F5 BIG-IP v21 using Model Context Protocoland OpenShift

Automating Certificate Management on F5 BIG-IP

Updating SSL Certificates on BIG-IP using REST API

What's new in BIG-IP v21.0?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS