Your users don’t care where your applications exist. They want easy single sign-on (SSO) whether they’re accessing an on-premises database, Microsoft Office hosted in the public Azure cloud, or a Software as a Service (SaaS) application like Salesforce. As an organization, you need the agility of being able to host applications anywhere—and even moving them around according to business requirements.
Compromising on either the simplicity desired by users or the flexibility needed by the organization can disrupt productivity and hurt the business. And as more applications are shifted between data centers, private clouds, and public clouds, the identity and access management (IAM) problem only grows in complexity.
As I discussed in an earlier blog Take Control of Identity and Access Management in the Cloud, organizations considering moving applications off-premises have three options for identity management. Hosting all your applications in an on-premises data center doesn’t make sense for organizations facing pressure to capitalize on the promises of the cloud. Migrating some applications and managing identity using multiple services introduces too much complexity and can have a big impact on user productivity.
By integrating your on-premises Microsoft Active Directory with the BIG-IP platform, you can manage a single user directory for on-premises applications, cloud applications hosted with any provider, and any SaaS application that supports SAML. This unified solution delivers the agility of the cloud with the security and stability of an on-premises IAM solution by allowing you to centrally manage identities for use on any application in any environment.
Adding multifactor authentication (MFA) strengthens your IAM solution even more, but many applications lack MFA support. F5 BIG-IP Access Policy Manager (APM) enables MFA by acting as an authentication proxy in front of non-MFA-enabled applications. BIG-IP APM also adds contextual awareness—such as location, date, time, and more—to help detect unauthorized use, enabling IT to apply logic and make informed decisions, such as limiting application access in certain circumstances.
However, a federated solution can introduce latency for identity management between the data center and the cloud provider, thus slowing productivity and frustrating your users. But by placing your F5 devices in a colocation interconnect environment, you can take advantage of low-latency and high-bandwidth identity management across on-premises, cloud-based, and even SaaS applications.
Integrating your existing AD deployment, allowing BIG-IP APM to provide SAML identity services and enable MFA, and placing your BIG-IP devices in a colocation interconnect environment offers the best of all worlds—simplifying the complexities of IAM across dispersed application environments, and allowing you to focus on your business.