I have integrated my BIG-IP APM to Azure AD SAML Auth and the authentication to Azure AD works well.
I have set the SAML Auth Force Authentication to Enable, and every time the user logs in to the VPN it keeps on prompting for both the credentials (username and password) and the MS Authenticator PIN.
If I set the SAML Auth Force Authentication to Use AAA Server settings, the Azure portal appears to select the username without asking for MS Authenticator.
Is there a way to configure, either on Azure AD or APM, so that when the user authenticates it will only prompt for the MS Authenticator PIN and allow the credentials (username and password) to follow the AAA Server settings, which Single Sign On to the machine?
This will help to improve the user experience by lessening the time frame when authenticating.
Thanks in advance.
Just for MFA, maybe see https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension and use an NPS server on-prem that will talk with Azure AD and your F5 APM. Also, you can test https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwor... but I have not done this myself.