Forum Discussion

sercacor
Aug 02, 2016

How to authenticate local application users against Office365/Azure AD using APM?

Hi,

 

I have a customer who wants to authenticate users before letting them access a local application. The problem here is that they want to authenticate these users against Office365/Azure AD (using Office365 account credentials), because the local AD is not synchronized with Azure AD and they don't want to synchronize one with the other. Updated users are in Office365. I know that this can be accomplished with ADFS, but the customer wants to use some additional features from APM, like IP Geolocation, CAPTCHA, OTP...

 

The process is as follows:

1. User accesses the application URL owned by the APM (e.g. https://myAPP.com)
2. APM validates the user's source IP with IP Geolocation
3. If the user comes from an allowed country, a logon page is presented with username and password fields.
4. APM authenticates the user against Office365/Azure AD as AAA server.
5. If authentication is successful, APM lets the user access the web application using a rewriting profile.

 

How can I configure APM to authenticate users using Azure AD as AAA server? Is it possible? I looked in DevCentral for a solution using SAML, but when APM is the IdP, all the solutions use a local AD for authentication, and in my case the AD is Office365/Azure AD. Can anybody help me?

 

Thank you in advance, Sergio

 

4 Replies

  • Sergio,

     

    There are a number of ways this can be done. The easiest one that the customer can deploy today is by setting up Azure AD Application Access and treating the APM application as the SP. More details about it here:

     

    https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/get-started-with-the-azure-ad-application-gallery

     

    In the future, with v13.0, we'll support OAuth, which is another way you can get authentication for your app.

     

    • sercacor

      Thank you very much Michael. This information was so useful.
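As an added illustration of the setup Michael describes above (APM acting as the SAML service provider, Azure AD as the identity provider), the following Python block shows the condition checks a service provider has to apply to an assertion before trusting the user it names. This is example code written for this thread, not code from F5, APM, or Azure AD; the issuer, entity IDs, ACS URL and the assertion itself are constructed placeholders. Cryptographic verification of the XML signature is assumed to be done first by an XML-DSig library (for example xmlsec); the block only confirms a signature element is present and then enforces issuer, audience, recipient, validity window and single-use `InResponseTo`, which is what stops a stolen or replayed assertion from being accepted.

```python
"""Added example (not from the thread, F5 or Microsoft): SP-side checks on a
SAML 2.0 assertion.  Precondition: the XML signature has already been verified
against the IdP's signing certificate by an XML-DSig library; only the presence
of the Signature element is checked here.  All identifiers are constructed."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP configuration: placeholder tenant ID and application URLs.
SP_CONFIG = {
    "expected_issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "sp_entity_id": "https://myAPP.com/saml/sp",
    "acs_url": "https://myAPP.com/saml/acs",
    "clock_skew": timedelta(minutes=3),   # tolerated drift between IdP and SP clocks
}

# Constructed assertion with a placeholder signature element.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_abc123" Version="2.0"
    IssueInstant="2016-08-02T10:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <ds:Signature><ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID>sergio@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://myAPP.com/saml/acs" NotOnOrAfter="2016-08-02T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2016-08-02T09:59:00Z" NotOnOrAfter="2016-08-02T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://myAPP.com/saml/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML timestamps are xs:dateTime in UTC, e.g. 2016-08-02T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, config, outstanding_request_ids, now):
    """Return (accepted, reason, name_id).  outstanding_request_ids is the set of
    AuthnRequest IDs this SP issued and has not yet consumed; a matching
    InResponseTo is removed on success so the same assertion cannot be replayed."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion element", None

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != config["expected_issuer"]:
        return False, f"unexpected issuer {issuer!r}", None
    if assertion.find("ds:Signature", NS) is None:
        return False, "assertion is not signed", None

    # Validity window, widened by the allowed clock skew on both sides.
    early, late = now + config["clock_skew"], now - config["clock_skew"]
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element", None
    if "NotBefore" in cond.attrib and parse_saml_time(cond.get("NotBefore")) > early:
        return False, "assertion not yet valid", None
    if "NotOnOrAfter" not in cond.attrib or parse_saml_time(cond.get("NotOnOrAfter")) <= late:
        return False, "assertion expired", None
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if config["sp_entity_id"] not in audiences:
        return False, "assertion not addressed to this SP", None

    # Bearer confirmation: must be delivered to our ACS, in time, for a request we made.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        return False, "no SubjectConfirmationData", None
    if scd.get("Recipient") != config["acs_url"]:
        return False, "wrong Recipient", None
    if "NotOnOrAfter" not in scd.attrib or parse_saml_time(scd.get("NotOnOrAfter")) <= late:
        return False, "subject confirmation expired", None
    req_id = scd.get("InResponseTo")
    if req_id not in outstanding_request_ids:
        return False, "unsolicited or replayed response", None
    outstanding_request_ids.discard(req_id)   # single use: blocks replay

    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        return False, "no NameID", None
    return True, "ok", name_id


if __name__ == "__main__":
    pending = {"_req42"}
    now = parse_saml_time("2016-08-02T10:01:00Z")
    print(validate_assertion(SAMPLE_ASSERTION, SP_CONFIG, pending, now))   # accepted
    print(validate_assertion(SAMPLE_ASSERTION, SP_CONFIG, pending, now))   # rejected as replay
```

The ordering matters for log readability more than for security: every branch returns a distinct reason, so the SP can record why a login was refused (wrong tenant, wrong audience, expired, replay) without revealing those details to the browser. In a real deployment the outstanding request IDs would live in the session store rather than in a Python set.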

       
