
Azure AD IDP chain with F5 APM

Matthieu Dierick, F5

In this demo, I demonstrate how to use APM as an IDP chain with Azure AD, so APM can leverage identity security with 3rd-party solutions. Here, I use Datasafe to protect the password.

0:00 Intro
0:33 The use case
2:35 BIGIP Configuration
4:50 The user experience
6:00 Datasafe encrypted the password
8:00 Conditional Access

The PowerShell commands to convert your Azure tenant from cloud (managed) to federated authentication are below (adapt the URIs to your APM FQDN):

# Prompt for an Azure AD administrator account and connect with the MSOnline module
$cred = Get-Credential
Connect-MsolService -Credential $cred

# Federation parameters: replace the FQDN with the one of your APM virtual server
$dom = "emea.f5se.com"
$FedBrandName = "AzureAD"
$url = "https://federate.emea.f5se.com/saml/i..."
$ecpUrl = "https://federate.emea.f5se.com/saml/idp/profile/redirectorpost/sso"
$uri = "https://federate.emea.f5se.com"
$logouturl = "https://federate.emea.f5se.com/vdesk/hangup.php3"

# Load the APM SAML signing certificate and Base64-encode it for Azure AD
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\temp\star.emea.f5se.com.crt")
$certData = [System.Convert]::ToBase64String($cert.RawData)

# Switch the domain from managed to federated, with APM as the SAML IdP
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $FedBrandName -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $certData -IssuerUri $uri -ActiveLogOnUri $ecpUrl -LogOffUri $logouturl -PreferredAuthenticationProtocol SAMLP
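An added check, not from the video, to run after the commands above: it reads the federation settings back from Azure AD and compares them with what APM expects (authentication mode, issuer URI, HTTPS endpoints, and the signing certificate and its expiry). The function name Test-ApmFederation and its parameters are my own; it assumes Connect-MsolService has already been run and reuses the domain, issuer URI and certificate path from the commands above.

```powershell
# Added verification script (not part of the video). Assumes Connect-MsolService
# has already been run; Test-ApmFederation and its parameters are hypothetical names.
function Test-ApmFederation {
    param(
        [string]$DomainName,
        [string]$ExpectedIssuerUri,
        [string]$SigningCertPath
    )
    $ok = $true

    # 1. The domain must actually be federated now, not still managed.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Authentication -ne 'Federated') {
        Write-Warning "$DomainName authentication is '$($domain.Authentication)', expected Federated"
        return $false
    }
    $fed = Get-MsolDomainFederationSettings -DomainName $DomainName

    # 2. IssuerUri must match the Issuer APM puts in its SAML assertions,
    #    otherwise Azure AD rejects every sign-in after the switch.
    if ($fed.IssuerUri -ne $ExpectedIssuerUri) {
        Write-Warning "IssuerUri is '$($fed.IssuerUri)', expected '$ExpectedIssuerUri'"
        $ok = $false
    }

    # 3. Every endpoint handed to Azure AD must be HTTPS.
    foreach ($u in @($fed.PassiveLogOnUri, $fed.ActiveLogOnUri, $fed.LogOffUri)) {
        if ($u -notlike 'https://*') {
            Write-Warning "Non-HTTPS federation endpoint: $u"
            $ok = $false
        }
    }

    # 4. The certificate Azure AD trusts must be the one APM signs with,
    #    and it should not be close to expiry (expiry breaks all sign-ins).
    $x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $local = New-Object $x509 -ArgumentList $SigningCertPath
    $remoteBytes = [System.Convert]::FromBase64String($fed.SigningCertificate)
    $remote = New-Object $x509 -ArgumentList (,$remoteBytes)
    if ($remote.Thumbprint -ne $local.Thumbprint) {
        Write-Warning "Thumbprint mismatch: Azure AD has $($remote.Thumbprint), file has $($local.Thumbprint)"
        $ok = $false
    }
    if ($local.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "APM signing certificate expires on $($local.NotAfter); plan the rollover"
    }
    return $ok
}

Test-ApmFederation -DomainName "emea.f5se.com" -ExpectedIssuerUri "https://federate.emea.f5se.com" -SigningCertPath "c:\temp\star.emea.f5se.com.crt"
```

The MSOnline module these cmdlets come from has since been deprecated by Microsoft in favour of Microsoft Graph PowerShell, so the same checks will need to be re-expressed there on current tenants.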

posted by Mosambiket2