F5 APM - Application access with Azure AD

I would like to write about simplify and centralize access to web applications. Most organizations have lots of different web applications. Some of them are classic applications or custom apps. There are also mission-critical applications such as SAP, ERP or Oracle apps. These types of applications tend to live on premise or in a private cloud. When users access to these applications, they use Kerberos, NTLM or maybe header-based authentication. Administrator has to have different identity stores and different access policies for each of these apps. Administrators have that burden of keeping up with all these apps.

An organisation in addition have modern applications such as SaaS apps in a public cloud. All of these SaaS apps tend to use standards such as SAML or OpenID Connect (OIDC) – OAuth. These standards allow SaaS apps authentication with Identity as a Service providers (IDaaS) such as Azure Active Directory (AAD).

As a result, there are mainly two kind of apps. The applications on-premise and the applications in the cloud. This generate a lot of frustration for users and administrators. Therefore, we need some thing in the middle to simplify and centralize all of these applications. F5 BIG-IP APM can take the simplification and centralization of all these access to all these different applications. Rather than having indentity stores with access policies in the cloud and identity store with access policies on premise, BIG-IP APM can centralize all that and it can even have context aware policies based on a lot of different parameters like time of the day, location, endpoint security checks, etc. Consequently, users can work through APM to gain access directly to both kind of apps.

Secure hybrid application access

There is a capability in APM version 15 called AGC (Advanced Guided Configuration) which allow to set up and integrate the Microsoft Azure Active Directory easily in the APM. We can onboard the custom and classic applications in the console of APM and we can also onboard Azure Active Directory for cloud-based identity services in the APM. Therefore, users can gain access to classic applications who may not otherwise be able to transition to a public cloud environment. However, BIG-IP APM version 16 has also a new feature called Simplified Guided Configuration which provides step-by-step guidance to onboard easily apps like SAP, ERP, Oracle, PeopleSoft, etc. As a result, we can just step right through this simplified guide to get classic and custom applications onboarded into Azure Active Directory and APM. It just really simplifies things for the administrator and then suddenly the user by using the step-by-step simplified guided configuration.

F5 APM - Simplified Guided Configuration

To sum up, if a user need to access to classic or custom applications with, for instance, Kerberos or header-based authentication, they are still going to use the more modern technology of SAML and they have the capability and the benefit of Single Sign-On (SSO) because they interact with APM which will take the SAML assertion, that’s generated through the whole SAML process, and it will translate the data out of the SAML assertion to Kerberos or header based or whatever authentication.

Thanks my friends!! Are you ready for simplifying application access with Microsoft AAD and F5 APM?