Manual Chapter: Creating an external IdP connector for MFA with Azure AD

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

Creating an external IdP connector for MFA with Azure AD

Locate the metadata you exported from Azure AD for the non-gallery application you created for multifactor authentication. You will use this metadata to create the external IdP on the BIG-IP.

You create an external IdP to allow BIG-IP to work as a Service Provider with Azure AD as the Identity Provider.

  1. On the Main tab, click Access > Federation > SAML Service Provider > External IdP Connectors.

  2. Click the arrow next to Create, then select From Metadata.

  3. Click Browse and select the metadata file you exported from Azure AD for the application with MFA.

  4. Type a Name for the Identity Provider.

  5. Click OK.

Next, create local SAML Service Providers (SPs) for the main authentication and multifactor authentication.