Manual Chapter: Overview of Azure with SAML for Seamless SSO and MFA

Applies To:

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

What happens in this scenario

In this scenario:
  • The Microsoft identity platform acts as the Identity Provider (IdP) and handles both primary authentication and multi-factor authentication.
  • The BIG-IP, which outsources authentication to the Microsoft identity platform, is registered in Azure Active Directory (Azure AD) as an application that uses the SAML (Security Assertion Markup Language) SSO method.
  • The app (named App) sits behind a BIG-IP, and all requests to the application come through a BIG-IP LTM virtual server.
  • When a user attempts to access the administrative console of App, multi-factor authentication is required.
  • All access policy actions occur in a per-request policy, using subroutines. The main access policy exists only to create a container for the per-request policy.
  • Because the configuration lives in a per-request policy and subroutines, continuous client checks are possible and occur periodically. The per-request policy also allows access policy items to be revalidated based on changing information or, in this case, a request for a new URL.