Manual Chapter :
Creating a local Service Provider for MFA with Azure AD
Applies To:
BIG-IP APM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Create the local service provider to provide
the authentication object that you can reference for MFA in the SAML Auth item in the
per-request policy.
- On the Main tab, click.
- Click Create.
- Specify the app URI for the Entity ID for which you specified MFA on Azure. For example, https://app.example.com/admin/.
- Select the Scheme, and specify the Host URL. For example, app.example.com. The Host field should contain the same URL as the non-MFA Service Provider.
- Click Security Settings.
- Select Sign Authentication Request and select the Message Signing Private Key and Message Signing Certificate.
- Click Advanced.
- Select Allow Name-Identifier Creation.
- From the list, select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
- Click OK.
- Click Bind/Unbind IdP Connectors.
- Click Add New Row.
- Select the IdP connector you created for the MFA application.
- Click Update, then click OK.
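To confirm that the settings above take effect, you can inspect an AuthnRequest that the service provider sends. The following Python check is an added example, not part of the F5 documentation. It assumes the request was captured as the base64 SAMLRequest form value from an HTTP-POST binding, and that Allow Name-Identifier Creation appears as AllowCreate on NameIDPolicy; the function names and the sample request are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def check_authn_request(saml_request_b64, expected_entity_id):
    """Return a list of mismatches between a POST-binding AuthnRequest and the SP settings."""
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ["not a SAML 2.0 AuthnRequest"]
    problems = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_entity_id:
        problems.append("Issuer %r does not match Entity ID %r" % (issuer, expected_entity_id))
    # Sign Authentication Request: look for an enveloped ds:Signature child.
    # This checks presence only; it does not validate the signature.
    if root.find("ds:Signature", NS) is None:
        problems.append("AuthnRequest is not signed")
    policy = root.find("samlp:NameIDPolicy", NS)
    if policy is None:
        problems.append("NameIDPolicy is missing")
    else:
        if policy.get("AllowCreate", "false").lower() not in ("true", "1"):
            problems.append("AllowCreate is not true")
        if policy.get("Format") != UNSPECIFIED:
            problems.append("NameID Format is %r" % policy.get("Format"))
    return problems


def build_sample(entity_id, signed=True, allow_create="true", fmt=UNSPECIFIED):
    """Constructed sample request; the Signature element is an empty placeholder."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" Version="2.0">'
        "<saml:Issuer>%s</saml:Issuer>%s"
        '<samlp:NameIDPolicy Format="%s" AllowCreate="%s"/>'
        "</samlp:AuthnRequest>"
    ) % (NS["samlp"], NS["saml"], entity_id, sig, fmt, allow_create)
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    entity = "https://app.example.com/admin/"
    print(check_authn_request(build_sample(entity), entity))
    print(check_authn_request(build_sample(entity, signed=False, allow_create="false"), entity))
```

An empty list means the request carries the Entity ID, signature element, and NameID policy that this procedure configures. Use a hardened XML parser such as defusedxml when running the check on requests from untrusted captures.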