Harnessing the power of F5 BIG-IP Access Policy Manager (APM) and Microsoft
A key element to F5 BIG-IP Access Policy Manager (APM) wide range of use cases has always been the ease of integration with other technology partners. Not only BIG-IP APM own capabilities but extending other technologies capabilities to make a more robust and flexible uses cases.
This ease of integration and flexibility make it easy for organizations to make the best out of their security investments.
Below are some of the integration examples to get an idea:
- BIG-IP APM and AzureAD:
- F5 APM as Service Provider (SP) and AzureAD as Identity Provider (IDP), where user authenticates through AzureAD and got SAML insertion in the response while being redirected to BIG-IP APM.
- Leverage F5 BIG-IP APM and Azure AD Conditional Access Easy button , where AzureAD policies can be enabled and slected from BIG-IP APM dashboard when creating the policies.
- Zero Trust building blocks - Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM AccessZero Trust building blocks - Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access, BIG-IP APM and Microsoft Intune to make use of the end point compliance.
- BIG-IP APM and ADFS:
- ADFS Proxy Replacement on F5 BIG-IP , F5 can act as a ADFS proxy to proxy and authenticate users as a replacement for the WAP component of the ADFS.
- F5 LTM can be used to load balance only traffic to ADFS environment.
- BIG-IP APM with Kerberos for authentication and Single Sign-On.
Some common use case is using F5 APM to simplify migration between different deployment models,
- BIG-IP APM can front ADFS and hence decouple both sides of the flow, the client traffic to BIG-IP APM and traffic towards ADFS.
- Once we have the traffic decoupled, we can further migrate the ADFS to AzureAD.
- BIG-IP APM SSO helps with utilizing modern authentication and federation technologies at client side, and back end can still integrate with legacy SSO technologies.
- BIG-IP APM helps if the application is not yet ready for advacned and cloud identity integrations, so F5 client side integrate with the modern identity services, and backend can be developed on a different pace.
Related content
- leverage BIG-IP APM Azure AD with Conditional Access Easy button
- Zero Trust - Making use of a powerfull Identity Aware Proxy
- Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access - Building Zero Trust strategy
- F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator
- APM Cookbook: SAML IdP Chaining - DevCentral
- Technology Alliances | Partners | F5
- Secure hybrid access with F5 deployment guide - Microsoft Entra | Microsoft Learn
- Big-IP and ADFS Part 1 – “Load balancing the ADFS Farm”
- Big-IP and ADFS Part 2 - APM: An Alternative to the ADFS Proxy
- Big-IP and ADFS Part 3 - “ADFS, APM, and the Office 365 Thick Clients”
Updated Sep 07, 2023
Version 2.0