The Microsoft identity platform is used for main authentication and for multi-factor authentication as the Identity Provider (IdP).
The BIG-IP that outsources authentication to the Microsoft identity platform is registered in Azure Active Directory (Azure AD) as an application with the SAML (Security Assertion Markup Language) SSO method.
The app (named App) is behind a BIG-IP and all the requests to the application come through a BIG-IP LTM virtual server.
When a user attempts to access the administrative console of App, multi-factor authentication is required.
All access policy actions occur in a per-request policy, using subroutines. The main access policy exists only to create a container for the per-request policy.
Because the configuration occurs in a per-request policy and its subroutines, continuous client checks are possible and occur on a periodic basis. The per-request policy also allows revalidation of the access policy items based on changing information or, in this case, a request for a new URL.
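
The following Python sketch is an added conceptual model of that flow, not BIG-IP configuration or code from this page. It shows the main access policy as an empty session container, subroutine results that expire and are rechecked periodically, and the MFA subroutine running only when the requested URL is the administrative console. The `/admin` path, the 300-second lifetime, and all function names are assumptions made for the example.

```python
import posixpath
import time
from dataclasses import dataclass, field
from urllib.parse import unquote

ADMIN_PREFIX = "/admin"   # assumption: path of App's administrative console
RECHECK_SECONDS = 300     # assumption: lifetime of a subroutine result

@dataclass
class Session:
    """Container created by the main access policy; it performs no checks itself."""
    results: dict = field(default_factory=dict)  # subroutine name -> expiry time

def normalize(path):
    """Decode and collapse dot segments so '/x/../admin' still matches the prefix."""
    return "/" + posixpath.normpath(unquote(path)).lstrip("/")

def run_subroutine(session, name, idp_check, now):
    """Reuse an unexpired result; otherwise send the check back to the IdP."""
    if session.results.get(name, 0) > now:
        return True, "cached"
    if not idp_check():
        session.results.pop(name, None)
        return False, "denied"
    session.results[name] = now + RECHECK_SECONDS
    return True, "idp"

def per_request_policy(session, path, saml_auth, mfa_auth, now=None):
    """Evaluated on every request that reaches the virtual server."""
    now = time.time() if now is None else now
    trace = []
    ok, how = run_subroutine(session, "saml", saml_auth, now)
    trace.append(("saml", how))
    if not ok:
        return "reject", trace
    path = normalize(path)
    if path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/"):
        ok, how = run_subroutine(session, "mfa", mfa_auth, now)
        trace.append(("mfa", how))
        if not ok:
            return "reject", trace
    return "allow", trace
```

The returned trace records which subroutines ran for a request and whether each result came from the IdP or from an unexpired earlier check, which is the same information to look for when reviewing session logs for a request that reached the console without an MFA step.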