I am deploying F5 as SP with Azure MFA. During the deployment we encountered the behavior below (which is expected):
The issue we encountered is that when the user logs in for the second time, there is no challenge/authentication presented to the user; we guess it's because of the SSO or cookie session on the Azure side.
After we noticed the behavior above, we used the force authentication option in the F5 SAML configuration (which seems to be the answer):
However, we want to minimize the user effort because every time they are redirected to Azure MFA they need to key in their Azure credentials (username & pass).
My question is: is there a way to pass the credentials from the F5 logon page to the Azure MFA login portal through SAML?
These are the attributes F5 inserts, and I do not see username or password as an option:
Better to try fixing things from the Azure AD side without the F5 Force Authentication option enabled (this is just an attribute the F5 SP sends to the IdP):
You can also test using F5 with Microsoft conditional access:
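For reference on the "just an attribute" point above: the F5 force-authentication option sets `ForceAuthn="true"` on the `samlp:AuthnRequest` the SP sends, which is what tells the IdP to ignore its existing SSO session. The following is an added example, not code from the thread or from F5, that decodes an HTTP-Redirect binding `SAMLRequest` and reports whether `ForceAuthn` (and `IsPassive`) is set; the request XML, issuer and URLs are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed AuthnRequest; issuer/destination are placeholders, not real endpoints.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"
    ForceAuthn="true"
    AssertionConsumerServiceURL="https://sp.example.com/saml/sp/profile/post/acs">
  <saml:Issuer>https://sp.example.com/saml/sp</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def decode_redirect_binding(saml_request_param: str) -> str:
    """Inverse of the above; assumes URL-decoding has already been done."""
    raw = base64.b64decode(saml_request_param)
    return zlib.decompress(raw, -15).decode("utf-8")


def inspect_authn_request(xml_text: str) -> dict:
    """Return the session-related flags the SP asked the IdP to honour."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")

    def flag(name: str) -> bool:
        # Both attributes default to false when absent (SAML core spec).
        return root.get(name, "false").strip().lower() == "true"

    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "force_authn": flag("ForceAuthn"),   # IdP must re-authenticate the user
        "is_passive": flag("IsPassive"),     # IdP must not interact with the user
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
    }


if __name__ == "__main__":
    param = encode_redirect_binding(SAMPLE_AUTHN_REQUEST)
    print(inspect_authn_request(decode_redirect_binding(param)))
```

Capture the `SAMLRequest` parameter from the browser's redirect to the IdP and feed it to `decode_redirect_binding` to confirm what the SP is actually sending before changing settings on either side.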