Forum Discussion

Matthew_Platt's avatar
Matthew_Platt
Icon for Nimbostratus rankNimbostratus
Aug 23, 2017

Implementing Azure MFA options into APM

We're testing out Azure MFA in our environment and would like to implement it into our F5 APM. After following the excellent documentation provided by Greg Coward here I have it up and running. The problem is that it will only use the default MFA method and we would like to have the ability to select which MFA type to use (call, text, app, Oauth). When we tested with DUO, they were able to accomplish this with a javascript call at the bottom of the header.inc page. Has anyone been able to successfully add this ability with Azure?

 

  • Hi,

    Do i need to have an Azure MFA Radius Server on prem to implement MFA with my APM? Can't i use the default Azure MFA service that comes with my Azure AD?

  • Hi Matthew,

     

    Has anyone been able to successfully add this ability with Azure?

     

    You can not specify the MFA method while authenticating to the on-premises Azure MFA Server Radius stack. Its simply not implemented by Microsoft (e.g. MFA selection via Radius-attributes).

     

    But you could give it a try to integrate APM with your on-premises Azure MFA Server via its WebService SDK. Unfortunately I'm not aware of any F5 related configuration examples...

     

    Cheers, Kai