Thanks for the video, it cleared up a lot of confusion I had. However, the BIG-IP APM configuration part is missing. Can you briefly go over the steps?
Hi Daniel, it is simple :) It's a classic Network Access policy with certificate authentication (client certificate). You must import the Azure CA into BIG-IP and add a client cert auth on your VS (or in the APM VPE) to control the certificate issued by the Azure CA.
Can you help me with this doubt? I integrated APM with Azure. In the environment which does not go through Azure, the authentications are made in AD and are by network account. When I integrated with Azure, I started having authentication problems, because in the Azure environment the accounts are made by (email account), and when it reads it, it gets lost. Can I change this in APM so that AD understands that the request is being made by email account and not by network account?
On APM, with a logon page, you can use the option "split domain" to extract the domain from the UPN name@domain.com. This will set the username and the domain automatically.
You can extract the username from the email using Variable Assign: session.logon.last.username return [lindex [split [mcget {session.saml.last.identity}] "@"] 0]