Manual Chapter: Creating a local Service Provider for primary authentication with Azure AD

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

Creating a local Service Provider for primary authentication with Azure AD

Create the local service provider to provide the authentication object that you can reference in the SAML Auth item in the per-request policy.

  1. On the Main tab, click Access > Federation > SAML Service Provider > Local SP Services.

  2. Click Create.

  3. Specify the app URI for the Entity ID.

    For example, https://app.example.com/.

  4. Select the Scheme, and specify the Host URL.

    For example, app.example.com.

  5. Click Security Settings.

  6. Select Sign Authentication Request and select the Message Signing Private Key and Message Signing Certificate.

  7. Click Advanced.

  8. Select Allow Name-Identifier Creation.

  9. From the list, select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

  10. Click OK.

  11. Click Bind/Unbind IdP Connectors.

  12. Click Add New Row.

  13. Select the IdP connector you created for the non-MFA application.

  14. Click Update, then click OK.
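A way to verify the result of this procedure, as an added example that is not part of the manual or of BIG-IP: decode the SAMLRequest that the local SP sends to Azure AD (HTTP-Redirect binding, base64 over raw DEFLATE) and confirm that the Issuer, the ACS host, the NameID policy and the request signature match the settings chosen above. The sample request, its ID and the signature placeholder are constructed values; the ACS path is assumed.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def decode_redirect_request(saml_request_b64):
    """Reverse the Redirect-binding encoding: base64, then raw DEFLATE (no zlib header)."""
    return zlib.decompress(base64.b64decode(saml_request_b64), -15).decode("utf-8")


def encode_redirect_request(xml):
    """Constructed helper that encodes an AuthnRequest the way an SP does for Redirect binding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode("utf-8")) + comp.flush()).decode("ascii")


def check_authn_request(query, entity_id, scheme, host):
    """Compare captured SAMLRequest query parameters with the local SP settings."""
    root = ET.fromstring(decode_redirect_request(query["SAMLRequest"]))
    issuer = root.findtext(f"{{{SAML}}}Issuer") or ""
    acs = root.get("AssertionConsumerServiceURL", "")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return {
        "issuer_matches_entity_id": issuer == entity_id,       # step 3
        "acs_on_sp_host": acs.startswith(f"{scheme}://{host}/"),  # step 4
        "nameid_unspecified": policy is not None and policy.get("Format") == NAMEID_UNSPECIFIED,  # step 9
        "allow_create": policy is not None and policy.get("AllowCreate") == "true",  # step 8
        # Redirect binding carries the signature outside the XML, as SigAlg + Signature parameters (step 6)
        "request_signed": bool(query.get("SigAlg")) and bool(query.get("Signature")),
    }


# Constructed sample reflecting this procedure's settings; not a real capture.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_constructed01" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://app.example.com/saml/sp/profile/post/acs">'
    '<saml:Issuer>https://app.example.com/</saml:Issuer>'
    f'<samlp:NameIDPolicy Format="{NAMEID_UNSPECIFIED}" AllowCreate="true"/>'
    '</samlp:AuthnRequest>'
)
SAMPLE_QUERY = {"SAMLRequest": encode_redirect_request(SAMPLE_XML),
                "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "Signature": "constructed-placeholder-signature"}

if __name__ == "__main__":
    for name, ok in check_authn_request(SAMPLE_QUERY, "https://app.example.com/", "https", "app.example.com").items():
        print(f"{name}: {'ok' if ok else 'MISMATCH'}")
```

In a real check, take the SAMLRequest, SigAlg and Signature values from the redirect to Azure AD as seen in a browser SAML tracer or the APM logs; a MISMATCH on any line points at the corresponding step above.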