
SAML F5 as SP initiated with Azure MFA Integration


Hi Experts,

I am deploying F5 as SP with Azure MFA. During the deployment we encountered the behavior below (which is expected):

  • User accesses F5 VPN, F5 authenticates users through local AD
  • Users are redirected to Azure MFA for a second verification
  • Users will key in their Azure account and Azure will send SMS OTP
  • Once verified, users can access applications behind F5 APM

The issue we encountered is that when the user logs in for the 2nd time, no challenge/authentication is presented to the users. We guess it's because of the SSO or cookie session on Azure.

  • User accesses F5 VPN, F5 authenticates users through local AD
  • Users are redirected to Azure MFA (no verification/authentication)
  • Users can access F5 APM

After we noticed the behavior above, we used the force authentication option in the F5 SAML configuration (which seems to be the answer):


However, we want to minimize the user effort because every time they are redirected to Azure MFA they need to key in their Azure credentials (username & pass).

My question is: is there a way to pass the credentials from the F5 logon page to the Azure MFA login portal through SAML?


These are the attributes F5 inserts, and I do not see username or password as an option:


Better try from the Azure AD side to fix things without the F5 Force authentication (this is just an attribute F5 SP sends to the IdP) enabled:


You can also test using F5 with Microsoft conditional access:


Where did you enable the force authentication option in F5 SAML configuration?



Did you manage to find a solution for this?
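
An added example, not part of the thread and not F5 or Microsoft code: a Python check that a captured SP AuthnRequest carries the ForceAuthn attribute discussed above, and that the AuthnInstant in the returned assertion is recent, which separates a real re-authentication from silent reuse of the Azure session. The sample XML, the function names and the two-minute skew are constructed assumptions; signature validation is out of scope.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
ASSERT = NS["saml"]

# Constructed sample messages (not captured from any real deployment).
SAMPLE_REQUEST = (f'<samlp:AuthnRequest xmlns:samlp="{PROTO}" ID="_constructed1" '
                  'Version="2.0" IssueInstant="2024-01-01T10:00:00Z" ForceAuthn="true"/>')
SAMPLE_RESPONSE = (f'<samlp:Response xmlns:samlp="{PROTO}" xmlns:saml="{ASSERT}">'
                   '<saml:Assertion><saml:AuthnStatement AuthnInstant="%s"/>'
                   '</saml:Assertion></samlp:Response>')

def encode_redirect_request(xml_text):
    """Build a SAMLRequest value as in the HTTP-Redirect binding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()

def decode_redirect_request(saml_request):
    """Reverse of the above, for a value copied from a browser trace (already URL-decoded)."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()

def force_authn_requested(authn_request_xml):
    """True when the SP asked the IdP to re-authenticate instead of reusing its session."""
    root = ET.fromstring(authn_request_xml)
    return root.get("ForceAuthn", "false").strip().lower() in ("true", "1")

def authn_is_fresh(response_xml, request_sent_at, skew=timedelta(minutes=2)):
    """True when every AuthnStatement was issued no earlier than the request (minus skew).
    Inspection only: this does not validate the assertion signature."""
    statements = ET.fromstring(response_xml).findall(".//saml:AuthnStatement", NS)
    if not statements:
        return False
    for stmt in statements:
        # SAML timestamps are UTC; drop fractional seconds and the trailing Z.
        instant = datetime.strptime(stmt.get("AuthnInstant")[:19], "%Y-%m-%dT%H:%M:%S")
        if instant.replace(tzinfo=timezone.utc) < request_sent_at - skew:
            return False
    return True

if __name__ == "__main__":
    sent = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    print(force_authn_requested(decode_redirect_request(encode_redirect_request(SAMPLE_REQUEST))))
    print(authn_is_fresh(SAMPLE_RESPONSE % "2024-01-01T10:00:20.512Z", sent))  # fresh login
    print(authn_is_fresh(SAMPLE_RESPONSE % "2024-01-01T08:15:00Z", sent))      # reused session
```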