secure all traffic is a bit vague, do you want to inspect the traffic or do you want it end up on a device before the actual ADFS servers?
if the second then LTM module is enough. if you want to inspect the traffic check for attacks and allow only certain URLs you need AWAF (formerly ASM).
which documentation to follow becomes a bit tricky for AWAF, as creating a policy from a guide isn't really possible without good understanding what you are doing. i would advise contacting your F5 partner on that.
for just LTM this is a good start: https://www.f5.com/services/resources/deployment-guides/microsoft-active-directory-federation-services-big-ip-v11-ltm-apm