F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)
In this article we go through a deployment approach in which F5 BIG-IP Access Policy Manager (APM) fronts an application, whether in the cloud or on-premises, as the Service Provider (SP), while AzureAD acts as the Identity Provider (IDP), providing identity services, Conditional Access and other services.
In our case there is one additional point: we are using Kerberos for Single Sign-On (SSO). This kind of deployment can be observed in companies that are moving to the cloud while keeping Active Directory or other authentication mechanisms internal, so BIG-IP APM authenticates users with AzureAD and applies SSO at the backend.
Configurations summary
- Register Application at AzureAD.
- Get the SSO elements from AzureAD.
- Configure BIG-IP APM SP with the right parameters.
- Configure BIG-IP APM Kerberos SSO.
Configurations details
- Register application in AzureAD.
- Get the SSO elements from AzureAD.
- Configure F5 SP with the right parameters.
- A separate article covers IDP chaining, which is very beneficial in some scenarios.
- Configure F5 Kerberos SSO.
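One way to check the values taken from AzureAD before entering them on the BIG-IP APM SP side, as an added example that is not part of the original article or of F5 or Microsoft tooling: it parses SAML IdP metadata and returns the entity ID, the SSO URLs and the SHA-256 fingerprints of the signing certificates, so the certificate can be compared with a fingerprint obtained out of band. The article does not list which elements it takes from AzureAD, so the use of SAML metadata is an assumption; the metadata, tenant ID and certificate bytes are constructed placeholders and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: placeholder tenant ID, placeholder bytes instead of a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>{SAMPLE_CERT_B64}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_idp_settings(metadata_xml):
    """Return entity ID, SSO URLs and signing-cert fingerprints, or raise ValueError."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    sso_urls = [s.get("Location", "") for s in idp.findall(f"{{{MD}}}SingleSignOnService")]
    if not sso_urls or not all(u.startswith("https://") for u in sso_urls):
        raise ValueError("SingleSignOnService missing or not HTTPS")
    fingerprints = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without "use" serves both purposes; skip encryption-only keys.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            if der:
                fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sso_urls": sso_urls,
            "signing_cert_sha256": fingerprints}


def matches_pinned_cert(settings, pinned_sha256):
    """True only if a metadata signing cert equals the fingerprint checked out of band."""
    return pinned_sha256.lower().replace(":", "") in settings["signing_cert_sha256"]


if __name__ == "__main__":
    print(extract_idp_settings(SAMPLE_METADATA))
```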
Related contents
- Configure F5 BIG-IP Access Policy Manager for Kerberos authentication - Microsoft Entra | Microsoft Learn
- Technology Alliances | Partners | F5
- Azure Overview with F5 BIG-IP - YouTube
- Azure AD IDP chain with F5 APM - YouTube
- What is BIG-IP APM? - YouTube
Published Jul 17, 2023
Version 1.0
momahdy