WHITE PAPER

Easily Configure Secure Access to All Your Applications via Azure Active Directory


F5 BIG-IP APM and Microsoft Azure AD work seamlessly together to federate access to all your applications—even classic and custom apps.

Although there is a continuing shift to migrate workloads to the cloud and develop new cloud-native applications, the majority of an organization’s mission-critical applications will likely continue to reside on-premises for the foreseeable future. Only 27% of respondents in the 2020 F5 State of Application Services Report indicated that more than half of their applications would be in the cloud by the end of 2020.

Deploying and maintaining a mix of cloud and on-premises applications is not a new challenge, but one aspect—enabling a Zero Trust security architecture—has taken on new urgency as the number of mobile and remote workers has ballooned. F5 and Microsoft deliver a best-of-breed integrated solution for adopting Zero Trust across all of an organization’s applications—including on-premises “classic” applications as well as enterprise applications deployed in the cloud—and F5 gives administrators the tools to greatly ease access management and configuration of these applications.

Adopting a Zero Trust security model is a business-wide priority that, due to the scale, favors comprehensive, low-touch solutions. F5 and Microsoft have closely collaborated to deliver such a solution, ensuring the security and efficiency of enterprise applications deployed in the cloud or Software as a Service (SaaS) while also enabling on-premises apps to take advantage of Microsoft Azure Active Directory (Azure AD) features and capabilities through F5 BIG-IP Access Policy Manager (APM). BIG-IP APM also includes Access Guided Configuration (AGC), a feature that is capable of reducing application access configuration complexity by 75%. This has a meaningful impact on NetOps and SecOps workloads and is all the more significant because it automates tasks that are often as tedious as they are important, reducing the risk of human error when accuracy is critical.

F5 BIG-IP APM’s Access Guided Configuration capabilities have been shown to provide a 75% reduction in application access configuration complexity.

A typical enterprise might have dozens, hundreds, and sometimes even thousands of “classic” or custom applications—many developed before the public cloud was a primary consideration—that are still in daily use. These include everything from trusted applications from vendor stalwarts like Oracle and SAP to highly custom applications that maintain the functionality of an individual company’s sales, inventory, logistics, or other mission-critical capabilities. It is vital that users have fast, easy access to these apps from any location and that no app suffers a reduction in use because off-site access is too difficult.

Integration Across BIG-IP APM and Azure AD

In the cloud, Azure AD delivers a trusted enterprise identity service that also provides single sign-on (SSO) and multi-factor authentication (MFA) to help protect users from 99.9% of cybersecurity attacks. Azure AD supports more than 2,800 pre-integrated SaaS applications, including Office 365, Google Apps, and Salesforce. For many organizations, Azure AD is already a trusted identity source for connecting their workforce, partners, and customers.

BIG-IP APM secures, simplifies, and protects user access to applications, data, and application programming interfaces (APIs), while delivering the most scalable access gateway on the market. BIG-IP APM is already deployed in a majority of Fortune 500 companies, where it is a critical component among other solutions such as F5 BIG-IP Local Traffic Manager (F5 BIG-IP LTM) and F5 Advanced Web Application Firewall (WAF).

BIG-IP APM serves as the access gateway to an organization’s classic and custom applications. The F5 and Azure AD integration bridges the identity gap between two groups of applications: public cloud and SaaS applications that support modern authentication, such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and Open Authorization (OAuth); and on-premises and private cloud applications that support classic authentication, such as Kerberos, header-based, and RADIUS.

BIG-IP APM and Azure AD work seamlessly together to federate user identity and ease user authentication and authorization to enterprise applications wherever they are hosted. Organizations can apply Azure AD Conditional Access policies and leverage the Azure Identity Protection engine to detect user sign-in risk and manage and monitor access—providing users with SSO, MFA, and password-less authentication to classic applications.

Figure 1 – F5 BIG-IP Access Policy Manager (APM) and Microsoft Azure Active Directory (AD) together address the authentication and security challenges presented today by mission-critical classic and custom applications.

For organizations well-versed in these technologies, guidelines and instructions for setup and deployment, which can vary according to each organization’s use of classic applications, are available from Microsoft and from F5.

Access Guided Configuration Makes App Security Easier Than Ever

Together, BIG-IP APM and Azure AD simplify application access and deliver a better user experience by centralizing application access. The combined solution enables users to log in once and reach every application they are authorized to access—no matter where those applications are hosted—from a single location. However, improving the user experience is only part of what differentiates this partnership. On the enterprise side, there is a range of additional benefits, including the ability to greatly simplify setup and deployment, reduce management overhead, and improve the overall administrative experience.

Traditionally, administrators would look to published configuration guides and tutorials to carefully step them through the process of integrating BIG-IP APM and Azure AD. Now, with a single interface for policy control across all apps, BIG-IP APM’s Access Guided Configuration (AGC) centralizes authentication, simplifies deployment and management of application access, and eases the administrative experience.

AGC walks the administrator through a step-by-step process of setting up and deploying BIG-IP APM. This guided setup is significantly faster than the traditional approach and has a meaningful impact on administrator workloads and deployment costs.

AGC also offers the ability for Azure AD administrators to quickly onboard and manage classic, mission-critical applications such as SAP ERP and Oracle PeopleSoft. Since each of these classic apps requires its own access configuration, administrators would traditionally have had to separately configure access to their SAP applications, their Oracle applications, and every other classic or custom app—often even creating unique configurations from one version to the next. The entire process is time-consuming, tedious, and prone to human error. In other words, it is perfectly suited for automation.

Figure 2 – F5 BIG-IP APM offers Access Guided Configuration (AGC) to greatly ease the process of onboarding and managing classic and custom apps, including SAP ERP and Oracle PeopleSoft.

Using AGC, the administrator can provide basic information across a straightforward, easy-to-navigate series of inputs. This capability in AGC delivers a 75% reduction in configuration complexity when compared to a generic guided configuration for BIG-IP APM and Azure AD. Once the guided process is complete and the administrator has clicked the “deploy” button, the application is available to the appropriate users. With the click of a button, the administrator will have bypassed numerous steps previously required when deploying BIG-IP APM and Azure AD to bridge the access gap for Oracle PeopleSoft and SAP ERP.

The integrated solution federates user identity for all approved classic and custom applications, public cloud apps, and SaaS apps. This includes enhancing the user experience and credential security via SSO and increasing application security with MFA, particularly for classic and custom applications that previously could not or would not support either.

Centralizing user authentication to applications diminishes an organization’s threat landscape, improves usability, and significantly reduces administrative costs. The integration of BIG-IP APM with Microsoft Azure AD provides such centralization, significantly improving both the user and administrator experience.

Users get an enriched experience with a single user login that provides seamless, secure access to all applications, regardless of location or the authentication method used. At the same time, administrators can reduce management overhead and costs by greatly simplifying the setup for classic and custom apps that do not, natively or by extension, support modern authentication.

Conclusion

With today’s applications located on-premises and across private and public clouds, enterprises need a solution that secures, simplifies, and centralizes access to all of their applications—cloud native, SaaS, classic, and custom. They also need to extend access to applications unable to support today’s SSO protocols and MFA, while delivering Zero Trust application access and an effortless user experience. Using BIG-IP APM and Azure AD together, organizations can ensure seamless, trusted access to all of their applications—dramatically improving the experience for both users and administrators.

To learn more, please see the F5 on Microsoft Azure webpage.

 

Published October 12, 2020