Home
%3CLINGO-SUB%20id%3D%22lingo-sub-875650%22%20slang%3D%22en-US%22%3EAzure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-875650%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%20folks%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20often%20hear%20from%20our%20customers%20about%20the%20complexities%20around%20providing%20seamless%20and%20secure%20user%20access%20to%20their%20applications%E2%80%94from%20cloud%20SaaS%20applications%20to%20legacy%20on-premises%20applications.%20Based%20on%20your%20feedback%2C%20we%E2%80%99ve%20worked%20to%20securely%20connect%20%3CEM%3E%3CU%3Eany%3C%2FU%3E%3C%2FEM%3E%20app%2C%20on%20%3CEM%3E%3CU%3Eany%3C%2FU%3E%3C%2FEM%3E%20cloud%20or%20server%E2%80%94through%20a%20variety%20of%20methods.%20And%20today%2C%20I%E2%80%99m%20thrilled%20to%20announce%20our%20deep%20integration%20with%20F5%20Networks%20that%20simplifies%20secure%20access%20to%20your%20legacy%20applications%20that%20use%20protocols%20like%20header-based%20and%20Kerberos%20authentication.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBy%20centralizing%20access%20to%20all%20your%20applications%2C%20you%20can%20leverage%20all%20the%20benefits%20that%20Azure%20AD%20offers.%20Through%20the%20F5%20and%20Azure%20AD%20integration%2C%20you%20can%20now%20protect%20your%20legacy-auth%20based%20applications%20by%20applying%20Azure%20AD%20Conditional%20Access%20policies%20to%20leverage%20our%20Identity%20Protection%20engine%20to%20detect%20user%20risk%20and%20sign-in%20risk%2C%20as%20well%20as%20manage%20and%20monitor%20access%20through%20our%20identity%20governance%20capabilities.%20Your%20users%20can%20also%20gain%20single%20sign-on%20(SSO)%20and%20use%20passwordless%20authentication%20to%20these%20legacy-auth%20based%20applications.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20help%20you%20get%20started%2C%20we%20made%20it%20easier%20to%20publish%20these%20legacy-auth%20based%20applications%20by%20making%20the%20%3CA%20href%3D%22https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Faad.f5%3Ftab%3DOverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EF5-BIG%20IP%20Application%20Policy%20Manager%3C%2FA%3E%20available%20in%20the%20Azure%20AD%20app%20gallery.%20You%20can%20learn%20how%20to%20configure%20your%20legacy-auth%20based%20applications%20by%20reviewing%20our%20documentation%20below%20based%20on%20the%20app%20type%20and%20scenario%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fheaderf5-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFor%20Header%20based%20apps%20%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fkerbf5-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFor%20Kerberos%20based%20apps%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fadvance-kerbf5-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFor%20advanced%20Kerberos%20scenarios%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D2105083%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFor%20Oracle's%20on-premises%20PeopleSoft%20application%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F133540i4DC349868E85C7BC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%221%20Azure%20AD%20and%20F5.png%22%20title%3D%221%20Azure%20AD%20and%20F5.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20always%2C%20let%20us%20know%20your%20feedback%2C%20thoughts%2C%20and%20suggestions%20in%20the%20comments%20below%2C%20so%20we%20can%20continue%20to%20build%20capabilities%20that%20help%20you%20securely%20connect%20any%20app%2C%20on%20any%20cloud%2C%20for%20every%20user.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlex%20Simons%20(%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FAlex_A_Simons%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40Alex_A_Simons%3C%2FA%3E)%3C%2FP%3E%0A%3CP%3ECorporate%20VP%20of%20Program%20Management%3C%2FP%3E%0A%3CP%3EMicrosoft%20Identity%20Division%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-875650%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20deep%20integration%20with%20Azure%20AD%20and%20F5%20Networks%2C%20you%20can%20now%20protect%20your%20legacy-auth%20based%20applications.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20820px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F133538iE30DB3B9146C2ABC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Azure%20AD%20and%20F5.png%22%20title%3D%22Azure%20AD%20and%20F5.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-875650%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Information%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892773%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892773%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20great.%20Can%20this%20be%20a%20replacement%20for%20Azure%20AD%20Domain%20Services%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-898636%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-898636%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F419913%22%20target%3D%22_blank%22%3E%40Balori%3C%2FA%3E%26nbsp%3BFor%20example%20AAD-DS%20can%20be%20used%20in%20combination%20with%20Kerberos-based%20apps%20in%20resource%20islands%20as%20AWS.%20In%20such%20a%20scenario%20F5%20BigIP%20APM%20publishes%20the%20web%20app%20being%20protected%20by%20AAD.%20Here%20AAD-DS%20would%20still%20be%20required%20to%20allow%20KCD%20(Kerberos%20Constrained%20Delegation).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F53477%22%20target%3D%22_blank%22%3E%40Alex%20Simons%20(AZURE)%3C%2FA%3E%26nbsp%3BAlex%2C%20am%20I%20right%2C%20that%20this%20kind%20of%20integration%20requires%20latest%20BigIP%20version%2015%2B%3F%20This%20is%20not%20clearly%20stated%20out%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fheaderf5-tutorial%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Tutorial%3C%2FA%3E%20to%20implement%20the%20integration%20between%20F5%20and%20AAD.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916441%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916441%22%20slang%3D%22en-US%22%3E%3CP%3EWow%20that%20is%20awesome%2C%20congratulations%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-938989%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-938989%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F220042%22%20target%3D%22_blank%22%3E%40Peter%20Meuser%3C%2FA%3E%20%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20we%20have%20updated%20our%20integration%20article.%20Note%20that%20you%20don't%20need%20F5%20Version%2015%2B%20for%20this%20integration.%20You%20can%20achieve%20this%20integration%20using%20F5%20version%2012%2B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3EJeevan%20Desarda%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-942162%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20%2B%20F5%E2%80%94helping%20you%20secure%20all%20your%20applications%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-942162%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Jeevan%2C%20the%20article%3C%2FP%3E%3CH1%20id%3D%22toc-hId-2019489120%22%20id%3D%22toc-hId-2019489120%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fheaderf5-tutorial%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ETutorial%3A%20Azure%20Active%20Directory%20single%20sign-on%20(SSO)%20integration%20with%20F5%3C%2FA%3E%3C%2FH1%3E%3CP%3Eis%20based%20on%20the%20guided%20configuration%20of%20F5%2C%20which%20requires%20version%2015.%20To%20which%20integration%20article%20are%20you%20referencing%20to%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E

Howdy folks,

 

We often hear from our customers about the complexities around providing seamless and secure user access to their applications—from cloud SaaS applications to legacy on-premises applications. Based on your feedback, we’ve worked to securely connect any app, on any cloud or server—through a variety of methods. And today, I’m thrilled to announce our deep integration with F5 Networks that simplifies secure access to your legacy applications that use protocols like header-based and Kerberos authentication.

 

By centralizing access to all your applications, you can leverage all the benefits that Azure AD offers. Through the F5 and Azure AD integration, you can now protect your legacy-auth based applications by applying Azure AD Conditional Access policies to leverage our Identity Protection engine to detect user risk and sign-in risk, as well as manage and monitor access through our identity governance capabilities. Your users can also gain single sign-on (SSO) and use passwordless authentication to these legacy-auth based applications.

 

To help you get started, we made it easier to publish these legacy-auth based applications by making the F5-BIG IP Application Policy Manager available in the Azure AD app gallery. You can learn how to configure your legacy-auth based applications by reviewing our documentation below based on the app type and scenario:

 

1 Azure AD and F5.png

 

As always, let us know your feedback, thoughts, and suggestions in the comments below, so we can continue to build capabilities that help you securely connect any app, on any cloud, for every user.

 

Best regards,

 

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

5 Comments
Occasional Visitor

This is great. Can this be a replacement for Azure AD Domain Services

Established Member

@Balori For example AAD-DS can be used in combination with Kerberos-based apps in resource islands as AWS. In such a scenario F5 BigIP APM publishes the web app being protected by AAD. Here AAD-DS would still be required to allow KCD (Kerberos Constrained Delegation).

 

@Alex Simons (AZURE) Alex, am I right, that this kind of integration requires latest BigIP version 15+? This is not clearly stated out in the Microsoft Tutorial to implement the integration between F5 and AAD.

Occasional Visitor

Wow that is awesome, congratulations

Microsoft

Hello @Peter Meuser ,

 

Now we have updated our integration article. Note that you don't need F5 Version 15+ for this integration. You can achieve this integration using F5 version 12+

 

Thanks,

Jeevan Desarda

Established Member

Hi Jeevan, the article

Tutorial: Azure Active Directory single sign-on (SSO) integration with F5

is based on the guided configuration of F5, which requires version 15. To which integration article are you referencing to?