cancel
Showing results for 
Search instead for 
Did you mean: 

Using a BIG-IP to Front-End Azure

Jack_Stewart
Nimbostratus
Nimbostratus

Hello!

 

We are implementing Azure, and I was wondering if it was possible to configure the BIG-IP such that:

 

  • User authentication goes to a URL in which we've enabled federation (i.e., SAML) authentication.
  • Intune and device management requests bypass this URL and go to the Microsoft SSO URL, and then, after SSO, the device communicates directly with Azure.

 

I've looked into the network information for both Office 365 and Intune, and there's a lot of different endpoints available. It's almost like it would be too complex to manage, but I thought I would ask.

 

Is anyone doing this?

 

Many thanks,

Jack Stewart

University of Michigan

1 REPLY 1

autopoiesis
Nimbostratus
Nimbostratus

Hi Jack,

Did you ever make progress on this? We're having issues getting users registered with Intune, with on-premise Big-IP (v15) as IDP (no AD FS).

 

It looks like WS-Trust is a MUST from Azure's perspective, still not sure whether it's supported though (I'm opening an SR to ask F5, docs are hazy)...

 

Any info you could share would be welcome.

 

Cheers,

SW