Azure Active Directory and BIG-IP APM Integration

Introduction Security is one of the primary considerations for organizations in determining whether or not to migrate applications to the public cloud. The problem for organizations with application...
Published Dec 18, 2019
Version 1.0
authentication
azure ad
BIG-IP Access Policy Manager (APM)
header
kerberos
security
series-f5-apm-and-microsoft-azure-ad-integration
Sam_Novak's avatar
Sam_Novak
Icon for Altostratus rankAltostratus
Mar 09, 2021

I utilize on-prem ADFS with the Azure MFA plugin to solve this, but I too have applications that I need to capture passwords for, but given the way SAML works (as I understand it) there isn't a way to capture/return a cleartext PW from the IdP (ADFS, Azure, etc) to the APM session for use in SSO configs.

 

This is makes things like NTLM auth, Peoplesoft/Oracle pages and simple form based sign-ins annoying because of the double auth, but it's what we have. I really wish Microsoft would provide an interface/snippets to integrate azure MFA directly into an APM sign-in form like DUO does; it's one of a handful of shortcomings we've found as we begin migrating from DUO to Azure MFA.

 

<soapbox>

The other big one for us is the Azure MFA authenticator app is very lacking when it comes to the user interface; with DUO, you see what app is being prompted for, and from where; authenticator is just 'Approve this, yes/no'.

</soapbox>