In the case of the F5 being the IdP for any cloud applications, a request from a user located on the cloud/internet can be redirected to the edge F5 IdP that is facing the internet for authentication (usually this is a public IP address). This is understandable, but from the architecture point of view, what is the best practice for the internal users located inside the company network? Do they need to be redirected to the F5 located at the edge? Do they need to resolve to that edge F5 public IP? Or how are the internal requests handled when the F5 is acting as IdP for those cloud solutions (Office 365, etc.)?
Here is my two cents;
Hope this helps.