Nath
May 10, 2022
Cirrostratus
SAML F5 as SP initiated with Azure MFA Integration
Hi Experts,
I am deploying F5 as SP with Azure MFA. During the deployment we encountered the behavior below (which is expected):
- User accesses F5 VPN, F5 authenticates users through local AD
- Users are redirected to Azure MFA for a second verification
- Users will key in their Azure account and Azure will send an SMS OTP
- Once verified, users can access applications behind F5 APM
The issue we encountered is that when the user logs in for the 2nd time, no challenge/authentication is presented to the users; we guess it's because of the SSO or cookie session on Azure.
- User accesses F5 VPN, F5 authenticates users through local AD
- Users are redirected to Azure MFA (no verification/authentication)
- Users can access F5 APM
After we noticed the behavior above, we used the force authentication option in the F5 SAML configuration (which seems to be the answer):
However, we want to minimize the user effort because every time they are redirected to Azure MFA they need to key in their Azure credentials (username & pass).
My question is: is there a way to pass the credentials from the F5 logon page to the Azure MFA login portal through SAML?