Manual: Overview of Azure with SAML for Seamless SSO and MFA

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

Overview of Azure with SAML for Seamless SSO and MFA

In this scenario:

  • The Microsoft identity platform is used for main authentication and for multi-factor authentication as the Identity Provider (IdP).
  • The BIG-IP that outsources authentication to the Microsoft identity platform is registered in Azure Active Directory (Azure AD) as an application with the SAML (Security Assertion Markup Language) SSO method.
  • The app (named App) is behind a BIG-IP and all the requests to the application come through a BIG-IP LTM virtual server.
  • When a user attempts to access the administrative console of App, multi-factor authentication is required.
  • All access policy actions occur in a per-request policy, using subroutines. The main access policy exists only to create a container for the per-request policy.
  • Because the configuration occurs in a per-request policy and subroutines, continuous client checks are possible and occur on a periodic basis. The per-request policy also allows revalidation of the access policy items based on changing information or, in this case, on a request for a new URL.