Forum Discussion

Jack_Stewart's avatar
Jack_Stewart
Icon for Nimbostratus rankNimbostratus
May 22, 2019

Using a BIG-IP to Front-End Azure

Hello!

 

We are implementing Azure, and I was wondering if it was possible to configure the BIG-IP such that:

 

  • User authentication goes to a URL in which we've enabled federation (i.e., SAML) authentication.
  • Intune and device management requests bypass this URL and go to the Microsoft SSO URL, and then, after SSO, the device communicates directly with Azure.

 

I've looked into the network information for both Office 365 and Intune, and there's a lot of different endpoints available. It's almost like it would be too complex to manage, but I thought I would ask.

 

Is anyone doing this?

 

Many thanks,

Jack Stewart

University of Michigan

  • Hi Jack,

    Did you ever make progress on this? We're having issues getting users registered with Intune, with on-premise Big-IP (v15) as IDP (no AD FS).

     

    It looks like WS-Trust is a MUST from Azure's perspective, still not sure whether it's supported though (I'm opening an SR to ask F5, docs are hazy)...

     

    Any info you could share would be welcome.

     

    Cheers,

    SW