Manual Chapter : Creating a local Service Provider for MFA with Azure AD

Applies To:


BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

Create the local service provider to provide the authentication object that you can reference for MFA in the SAML Auth item in the per-request policy.
  1. On the Main tab, click Access > Federation > SAML Service Provider > Local SP Services.
  2. Click Create.
  3. In the Entity ID field, specify the app URI for which you specified MFA on Azure. For example, https://app.example.com/admin/.
  4. Select the Scheme, and specify the Host URL. For example, app.example.com.
     The Host field should contain the same URL as the non-MFA Service Provider.
  5. Click Security Settings.
  6. Select Sign Authentication Request, and select the Message Signing Private Key and the Message Signing Certificate.
  7. Click Advanced.
  8. Select Allow Name-Identifier Creation.
  9. From the list, select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  10. Click OK.
  11. Click Bind/Unbind IdP Connectors.
  12. Click Add New Row.
  13. Select the IdP connector you created for the MFA application.
  14. Click Update, then click OK.
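As an added example (not part of this manual and not F5 code), the following script checks whether an AuthnRequest captured from the local SP reflects the settings configured above: the Issuer equals the Entity ID, a signature element is present (step 6), the NameIDPolicy format is the unspecified format from step 9, and the AssertionConsumerServiceURL sits on the configured Host. The sample request, its ID and its ACS path are constructed; the script only confirms a Signature element exists and does not validate the XML signature itself.

```python
"""Structural check of a SAML AuthnRequest against the local SP settings."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# NameID format selected in step 9 of the procedure.
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample AuthnRequest; the ID and ACS path are made up for this example.
SAMPLE_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_example-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    AssertionConsumerServiceURL="https://app.example.com/saml/sp/acs">
  <saml:Issuer>https://app.example.com/admin/</saml:Issuer>
  <ds:Signature><ds:SignedInfo/></ds:Signature>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
      AllowCreate="true"/>
</samlp:AuthnRequest>"""


def check_authn_request(xml_text: str, entity_id: str, host: str) -> dict:
    """Return named checks; each is True when the request matches the SP config.

    Only checks structure: 'signed' means a ds:Signature element is present,
    not that the signature verifies against the Message Signing Certificate.
    """
    root = ET.fromstring(xml_text)  # trusted input only; ET is not hardened
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    policy = root.find("samlp:NameIDPolicy", NS)
    acs = root.get("AssertionConsumerServiceURL", "")
    return {
        "issuer_is_entity_id": issuer == entity_id,
        "signed": root.find("ds:Signature", NS) is not None,
        "nameid_format_unspecified": policy is not None
        and policy.get("Format") == NAMEID_UNSPECIFIED,
        "acs_on_sp_host": urlparse(acs).hostname == host,
    }


def matches_sp_config(xml_text: str, entity_id: str, host: str) -> bool:
    """True only when every structural check passes."""
    return all(check_authn_request(xml_text, entity_id, host).values())


if __name__ == "__main__":
    print(check_authn_request(SAMPLE_REQUEST, "https://app.example.com/admin/", "app.example.com"))
```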