Manual Chapter : Creating an external IdP connector for standard authentication with Azure AD

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Seamless SSO: Azure with SAML and MFA

Updated Date: 04/30/2026

Creating an external IdP connector for standard authentication with Azure AD

Locate the metadata you exported from Azure AD for the non-gallery application you created for standard authentication. You will use this metadata to create the external IdP on the BIG-IP.

You create an external IdP to allow BIG-IP to work as a Service Provider with Azure AD as the Identity Provider.

  1. On the Main tab, click Access > Federation > SAML Service Provider > External IdP Connectors.

  2. Click the arrow next to Create, then select From Metadata.

  3. Click Browse and select the metadata file you exported from Azure AD for the application with main authentication.

  4. Type a Name for the Identity Provider.

  5. Click OK.

Next, create the external IdP connector for multifactor authentication.