title | description | author | ms.date | layout | ms.topic | ms.service | ms.subservice |
---|---|---|---|---|---|---|---|
F5 - Azure AD Integration | | RZomerman | 05/5/2020 | LandingPage | landing-page | | |
In this tutorial, you'll learn how to integrate F5 with Azure Active Directory (Azure AD).
When you integrate F5 with Azure AD, you can:
- Control in Azure AD who has access to the F5 published website or VPN.
- Enable your users to be automatically signed in to F5 with their Azure AD accounts (SSO).
- Manage your accounts in one central location - the Azure portal.
To learn more about SaaS app integration with single sign-on in Azure AD, see Single sign-on to applications in Azure Active Directory.
This chapter describes the initial SAML configuration between F5 and Azure AD. In the next chapters, this configuration will be used in an Access Profile. Note that for each application you wish to publish through F5 with Azure AD sign-in support, you will have to create a new IdP and SP in F5.
To get started, you need the following items:
- An Azure AD subscription. If you don't have a subscription, you can get a free account.
Deploying the joint solution requires one of the following licenses:
- F5 BIG-IP® Best bundle (or)
- F5 BIG-IP Access Policy Manager™ (APM) standalone license
- F5 BIG-IP Access Policy Manager™ (APM) add-on license on an existing F5 BIG-IP® Local Traffic Manager™ (LTM).
In addition to the above license, the F5 system may also be licensed with:
- A URL Filtering subscription to use the URL category database
- An F5 IP Intelligence subscription to detect and block known attackers and malicious traffic
- A network hardware security module (HSM) to safeguard and manage digital keys for strong authentication
Note
This walkthrough uses sample names and values from a company called Contoso. Replace these with your own. For example:
- Domain name - Contoso
- Application Name - Header App
- Application URL - https://header.contoso.com
The configuration of your F5 APM with Azure AD (AAD) integration can be based on the Guided Configuration wizard, or done through manual steps if desired. This chapter describes the basic creation of an application in Azure AD based on the F5 object available in the Marketplace.
Guided:
Manual deployments:
- Manual Configuration of AAD as SAML provider
- Manual creation of an Access Profile with SAML
- Publishing Kerberos based applications with AAD & F5
- Publishing Header based applications with AAD & F5
- Publishing Advanced Header based applications with AAD & F5 - an advanced scenario where an external LDAP store is used to inject HTTP headers to the backend web server.