Been looking for the best way of doing this. The boss wants to get rid of DUO and go to MS Authenticator because our company has gone O365 etc. and we want to standardize MFA. We use APM for AD auth, then DUO push to get to the on-prem connection servers. VMware Unified Access Gateway is an option, but I was thinking the F5 AAD integration might do the trick; however, all the documentation I've seen is for web applications. I'm pretty sure this can be done via the Horizon Client, but I can't find any docs on it.
If someone can point me to some documents or has a better idea of how to do this, please let me know.
The only way to use MS Authenticator is SAML. As far as I can see, the Horizon Client has support for SAML, so it should work.
The only thing I'm not sure about is whether SSO would work, because by default you use the username and password from the form on F5; with SAML you don't have a password, so this kind of SSO is not possible. The only possible way for SSO would be Kerberos. I've never tried it, but in theory it should work.