Azure Active Directory and BIG-IP APM Integration
Employee
AltostratusI utilize on-prem ADFS with the Azure MFA plugin to solve this, but I too have applications that I need to capture passwords for, but given the way SAML works (as I understand it) there isn't a way to capture/return a cleartext PW from the IdP (ADFS, Azure, etc) to the APM session for use in SSO configs.
This is makes things like NTLM auth, Peoplesoft/Oracle pages and simple form based sign-ins annoying because of the double auth, but it's what we have. I really wish Microsoft would provide an interface/snippets to integrate azure MFA directly into an APM sign-in form like DUO does; it's one of a handful of shortcomings we've found as we begin migrating from DUO to Azure MFA.
<soapbox>
The other big one for us is the Azure MFA authenticator app is very lacking when it comes to the user interface; with DUO, you see what app is being prompted for, and from where; authenticator is just 'Approve this, yes/no'.
</soapbox>