Manual Chapter : Creating the per-request policy for Azure AD with SAML and MFA

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Seamless SSO: Azure with SAML and MFA

Updated Date: 04/30/2026

Creating the per-request policy for Azure AD with SAML and MFA

You should have created applications on your Azure AD system for main authentication and MFA. On the BIG-IP, you should have configured External Identity Providers and local Service Providers for both main authentication and MFA.

In this task, you configure the access policy that creates the traffic and event flow for the BIG-IP as a Service Provider and Azure AD as the Identitity Provider, using SAML Authentication and MFA for separate per-request policy branches.

  1. On the Main tab, click Access > Profiles / Policies > Per-Request Policies.

  2. Click Create.

  3. Specify a Name and add one or more Accepted Languages.

  4. Click Finished.