Graham_Alderso1's avatar
Graham_Alderso1
Ret. Employee
Apr 25, 2018

Karthik,

 

Perhaps look at the domain name setting regarding the forms SSO issues. Also ADFS by default is configured to require domain\username or username@domain.com format, so that is how the forms SSO works in APM works by default. Many environments modify the ADFS logon page to not require the domain, so you may need to adjust the forms SSO accordingly.

 

Regarding the Azure MFA, you would need to change your Azure MFA policy to implement the way you're requesting. If you have APM enforce the MFA requirement, then you do not need Azure to enforce it. ADFS (and thus Azure) is unaware that APM has already completed the MFA and that is why you are getting prompted twice.

 

If you want Azure MFA implemented the same way it would be when using WAP, do not select to deploy Azure MFA in the APM profile (or do not deploy an APM profile at all depending on your needs), and it will be implemented by ADFS and Azure in the same manner you are used to, but with APM replacing the WAP functionality.