AAD
4 Topics

Get user's group name from Azure AD to assign resources in APM
Hello Guys: Please, is there any way to get the name of the group or groups that a user belongs to in Azure AD (AAD)? By using APM Advanced Resource Assign, I am trying to give resources based on the group that the user belongs to in Azure AD, but I have realised that the Azure AD does not give me the memberOf parameter or something like that. I am deploying F5 APM + AAD based on OAuth for the authentication phase. Thanks Jorge
617 Views, 1 like, 3 Comments

F5/Azure AD specify access to Applications
Hi all, I have users that are stored in Azure AD. We are using Azure AD for MFA. Users belong to Conditional Access Policies. How can I limit users in Azure AD to only specific apps through F5? I.e., 10 applications are exposed to users through F5, and I wish certain users to have access to only certain applications. This article https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/kerbf5-tutorial makes it seem like I need to do development. I see an article on how to do it for roles here https://blog.azureinfra.com/2020/07/06/f5-azure-ad-role-assignments-to-header-based-apps/ Could I make the same logic work with the Applications in the Conditional Access Policies?
482 Views, 0 likes, 1 Comment

Portal Access SSO with OAuth token given by Azure AD
Hello folks: I have deployed the OAuth client agent in my VPE and it works fine, since the user is authenticated against the Azure AD (AAD) whenever he tries to reach the APM webtop page. Is there any way to reuse the token given by the AAD in a sort of SSO that the users will try to access via some Portal Accesses? I have tried to perform the SSO OAuth Bearer by following this article https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-single-sign-on-concepts-configuration-14-1-0/04.html, but I have not succeeded. Any help or advice is very very welcome. Thanks..! Omar
398 Views, 0 likes, 0 Comments

APM with Azure AD giving token ID to app authentication
Hello folks: Please, hope you could help me with this question. Currently, I have some applications developed in Visual Studio which are also declared in Azure AD (AAD) in order to take advantage of some sort of Federation. Thus, every user who wants to access the apps must go to www.office.com so they can authenticate against the AAD. In order to do this, every app's Visual Studio code has the Azure app ID. The AAD gives token IDs to the users wanting to access the apps. I am planning to deploy the F5 APM solution so I can centralise all those apps in the webtop, because I need to un-publish those apps from the Internet and offer them as a Portal Access with SSO. The F5 APM could become another app in the AAD, but the AAD must give token IDs to the APM portal. The token IDs given to the APM must be used by the Portal Access as its SSO. The token IDs delivery must remain the same and the APM only needs to use the tokens to perform SSO. How could I achieve this? Is there any possibility to use OAuth Bearer SSO to achieve this goal? Any suggestion or advice is much appreciated. Thanks Omar.
342 Views, 0 likes, 0 Comments