The problem
Easily Configure Secure Access to All Your Applications via Azure Active Directory
F5 BIG-IP APM and Microsoft Azure AD work seamlessly together to federate access to all your applications—even classic and custom apps.
Although there is a continuing shift to migrate workloads to the cloud and develop new cloud-native applications, the majority of an organization’s mission-critical applications will likely continue to reside on-premises for the foreseeable future. Only 27% of respondents in the 2020 F5 State of Application Services Report indicated that more than half of their applications would be in the cloud by the end of 2020.
Deploying and maintaining a mix of cloud and on-premises applications is not a new challenge, but one aspect—enabling a Zero Trust security architecture—has taken on new urgency as the number of mobile and remote workers has ballooned. F5 and Microsoft deliver a best-of-breed integrated solution for adopting Zero Trust across all of an organization’s applications—including on-premises “classic” applications as well as enterprise applications deployed in the cloud—and F5 gives administrators the tools to greatly ease access management and configuration of these applications.
Adopting a Zero Trust security model is a business-wide priority that, due to the scale, favors comprehensive, low-touch solutions. F5 and Microsoft have closely collaborated to deliver such a solution, ensuring the security and efficiency of enterprise applications deployed in the cloud or Software as a Service (SaaS) while also enabling on-premises apps to take advantage of Microsoft Azure Active Directory (Azure AD) features and capabilities through F5 BIG-IP Access Policy Manager (APM). BIG-IP APM also includes Access Guided Configuration (AGC), a feature that is capable of reducing application access configuration complexity by 75%. This has a meaningful impact on NetOps and SecOps workloads and is all the more significant because it automates tasks that are often as tedious as they are important, reducing the risk of human error when accuracy is critical.
F5 BIG-IP APM’s Access Guided Configuration capabilities have been shown to provide a 75% reduction in application access configuration complexity.
A typical enterprise might have dozens, hundreds, and sometimes even thousands of “classic” or custom applications—many developed before the public cloud was a primary consideration—that are still in daily use. These include everything from trusted applications from vendor stalwarts like Oracle and SAP to highly custom applications that maintain the functionality of an individual company’s sales, inventory, logistics, or other mission-critical capabilities. It is vital that users have fast, easy access to these apps from any location and that no app suffers a reduction in use because off-site access is too difficult.
Access Guided Configuration Makes App Security Easier Than Ever
Together, BIG-IP APM and Azure AD simplify application access and deliver a better user experience by centralizing application access. The combined solution enables users to log in once and access all appropriate applications they are authorized to access—no matter where those applications are hosted—from a single location. However, improving the user experience is only part of what differentiates this partnership. On the enterprise side, there are a range of additional benefits, including the ability to greatly simplify setup and deployment, reduce management overhead, and improve the overall administrative experience.
Traditionally, administrators would look to published configuration guides and tutorials to carefully step them through the process of integrating BIG-IP APM and Azure AD. Now, with a single interface for policy control across all apps, BIG-IP APM’s Access Guided Configuration (AGC) centralizes authentication, simplifies deployment and management of application access, and eases the administrative experience.
With a single interface for policy control across all apps, BIG-IP APM’s Access Guided Configuration centralizes authentication, simplifies deployment and management of application access, and eases the administrative experience.
Benefits of Using F5 BIG-IP APM and Azure AD together
With just AzureAD you can:
- Have a SSO among cloud applications that support SAML, OIDC, AzureAD (Azure Market Place)
- Provide of conditional access to applications through policies
- Have a MFA with push notification
- Simplify the user onboarding process and user management
- Have a central password policy
Integrating F5 BIG-IP APM on AzureAD gives:
- Extend SSO to non-supported / Legacy applications
- Extend SSO to on premise apps
- Apply Prelogon security checks
- Apply MFA Push notification for all applications taking advantage of Azure capabilities
- Do not install ADFS and keep user credentials on your infrastructure
Azure Active Directory and BIG-IP APM Integration
In the cloud, Azure AD delivers a trusted enterprise identity service that also provides single sign-on (SSO) and multi-factor authentication (MFA) to help protect users from 99.9% of cybersecurity attacks. Azure AD supports more than 2,800 pre-integrated SaaS applications, including Office 365, Google Apps, and Salesforce. For many organizations, Azure AD is already a trusted identity source for connecting their workforce, partners, and customers.
BIG-IP APM secures, simplifies, and protects user access to applications, data, and application programmable interfaces (APIs), while delivering the most scalable access gateway on the market. BIG-IP APM is already deployed in a majority of Fortune 500 companies, where it is a critical component among other solutions such as F5 BIG-IP Local Traffic Manager (F5 BIG-IP LTM) and F5 Advanced Web Application Firewall (WAF).
BIG-IP APM serves as the access gateway to an organization’s classic and custom applications. The F5 and Azure AD integration bridges the identity gap between public cloud and SaaS applications that support modern authentication, such as Secure Assertion Markup Language (SAML), Open Identity Connect (OIDC), and Open Authentication (OAuth), and on-premises and private cloud applications that support classic authentication, such as Kerberos, header-based, and RADIUS.
BIG-IP APM and Azure AD work seamlessly together to federate user identity and ease user authentication and authorization to enterprise applications wherever they are hosted. Organizations can apply Azure AD Conditional Access policies and leverage the Azure Identity Protection engine to detect user sign-in risk and manage and monitor access—providing users with SSO, MFA, and password-less authentication to classic applications.
For organizations well-versed in these technologies, guidelines and instructions for setup and deployment, which can vary according to each organization’s use of classic applications, are available from Microsoft and from F5.
Why F5 BIG-IP APM and Azure AD together?
With today’s applications located on-premises and across private and public clouds, enterprises need a solution that secures, simplifies, and centralizes access to all of their applications—cloud native, SaaS, classic, and custom. They also need to extend access to applications unable to support today’s SSO protocols and MFA, while delivering Zero Trust application access and an effortless user experience. Using BIG-IP APM and Azure AD together, organizations can ensure seamless, trusted access to all of their applications—dramatically improving the experience for both users and administrators.
