Microsoft and F5: A Single Identity and Security Strategy for All Apps

Published September 30, 2019

It’s an application-driven world.

There are now hundreds of millions of applications, and, depending on size, an average enterprise uses between 500 and 1,000 of them to run its business. Driven by the need to increase business velocity, create better user experiences, and lower costs, companies spread their application portfolios across multiple data centers and public clouds. This creates a tremendous amount of complexity as they develop, deploy, manage, and govern an expanding set of applications, especially when they try to create a single security and identity strategy across all of them, whether hosted on-premises, in offsite data centers, or in public clouds. Furthermore, many older applications do not interoperate with modern authentication methods.

While it is true that many applications are being migrated to the cloud and most new applications are born there, there is data indicating that organizations will run a hybrid application estate across on-premises, offsite data centers, and multiple public clouds for many years. A McKinsey & Company study commissioned by IBM found that about 80% of workloads, including the applications that support public cloud applications, will remain on-premises.

There are myriad reasons for this. Some applications are not conducive to modernization. Some legacy applications are unsuited for, or incapable of, cloud migration. Many on-premises apps do not support modern authentication and authorization standards and protocols such as SAML, OAuth, or OpenID Connect (OIDC). And an organization may not have the staff, expertise, or time to modernize its on-premises apps.

Security is one of the primary considerations for organizations deciding whether to migrate applications to the public cloud. The problem for organizations with applications in the cloud, in a data center, managed, or delivered as a service is to create a cost-effective hybrid architecture that yields secure application access and a great user experience: users should find apps easily, get a consistent experience, and enjoy single sign-on (SSO) tied to a central identity and authentication strategy.

With thousands of apps in use daily, hosted in any combination of these locations, how can organizations ensure secure, appropriate user access without requiring users to log in multiple times? And how can organizations terminate a user's access to every application without having to touch each app individually?

Working together, Microsoft and F5 have an answer: by deploying Microsoft Azure Active Directory, Microsoft's cloud-based identity platform, along with F5's trusted application access solution, Access Policy Manager (APM), organizations can federate user identity, authentication, and authorization and bridge the identity gap between cloud-based (IaaS), SaaS, and on-premises applications.

F5 APM and Azure Active Directory simplify the app access user experience. Regardless of where an application lives (cloud-based, SaaS, on-premises, etc.), together they allow users to log in once and access every application they are entitled to from a single location.

The joint Microsoft and F5 solution allows legacy applications that cannot support modern authentication and authorization to interoperate with Azure Active Directory. Even if an app does not support SAML and can only handle header- or Kerberos-based authentication, it can still be enabled for single sign-on (SSO) and protected with multi-factor authentication (MFA) through the F5 APM and Azure Active Directory combination. Azure Active Directory, as an IDaaS, delivers a trusted root of identity to APM, which bridges modern and legacy applications, delivering SSO and securing the app with MFA.
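The header-based variant of that bridge deserves one practitioner's caveat: it is only as strong as the path enforcement around it. The legacy app must accept the identity header solely from the proxy (APM in this architecture) and be unreachable by any other route, and the proxy must strip any identity header a client supplies before injecting its own, or anyone who can reach the app can name themselves whoever they like. The following is an added illustration of that pattern in Python; it is not F5's or Microsoft's code and not part of the original post. The header name `x-remote-user`, the proxy address `10.0.0.5`, the `Request` model and the sample requests are assumptions constructed for the example; the SAML exchange with the identity provider is represented only by the asserted user principal name handed to `bridge`.

```python
"""Header-based SSO bridge, illustrating the pattern described above.

Added example, not F5 or Microsoft code. The proxy (APM's role) has already
authenticated the user against the identity provider (Azure AD via SAML in
the article); the legacy app only understands an identity header. The header
name, addresses and request model below are assumptions made for illustration.
"""
from dataclasses import dataclass, field

# Assumed header name the legacy app trusts; real apps vary.
IDENTITY_HEADER = "x-remote-user"
# Constructed: the only peer the legacy app should accept the header from.
PROXY_ADDRESSES = {"10.0.0.5"}


@dataclass
class Request:
    client_ip: str
    headers: dict = field(default_factory=dict)


class AuthenticationRequired(Exception):
    """Raised by the proxy when there is no federated session yet."""


def normalize(headers):
    """Header names are case-insensitive; fold them so a spoofed
    'X-REMOTE-USER' cannot slip past a check for 'x-remote-user'."""
    return {k.lower(): v for k, v in headers.items()}


def bridge(request, session_upn, proxy_ip):
    """Proxy side. session_upn is the subject the IdP asserted for this
    browser session, or None if the user has not authenticated yet."""
    if session_upn is None:
        # In the real flow this is the SAML redirect to Azure AD (plus MFA).
        raise AuthenticationRequired("redirect to identity provider")
    # Step 1: drop any identity header the client supplied, whatever its case.
    forwarded = {k: v for k, v in normalize(request.headers).items()
                 if k != IDENTITY_HEADER}
    # Step 2: inject the federated identity the IdP asserted.
    forwarded[IDENTITY_HEADER] = session_upn
    return Request(client_ip=proxy_ip, headers=forwarded)


def legacy_app(request):
    """Backend side. The header is only meaningful when it came from the
    proxy; a request arriving from anywhere else is refused outright."""
    if request.client_ip not in PROXY_ADDRESSES:
        return 403, "direct access not permitted"
    user = normalize(request.headers).get(IDENTITY_HEADER)
    if not user:
        return 401, "no identity supplied"
    return 200, f"hello {user}"


if __name__ == "__main__":
    # Constructed request: an attacker reaches the app directly with a forged header.
    forged = Request("203.0.113.7", {"X-REMOTE-USER": "admin@corp.example"})
    print(legacy_app(forged))  # (403, 'direct access not permitted')
    # The same request through the proxy after alice authenticated at the IdP.
    print(legacy_app(bridge(forged, "alice@corp.example", "10.0.0.5")))
    # (200, 'hello alice@corp.example')
```

In a real deployment the source check in `legacy_app` is usually a network control (the app listens only on a segment the proxy can reach, or requires mutual TLS from it) rather than an IP comparison, but the two halves of the rule are the same: the proxy owns the identity header, and nothing else is allowed to present one.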

Now users only have to create and remember a single credential, used in conjunction with MFA. This means users get access to apps faster and more easily, without authenticating over and over again, and are more secure because they are less exposed to phishing attacks and password misuse.

The Microsoft and F5 combination also relieves administrators by creating one centralized policy authority for application access, covering both on-premises legacy apps that don't support modern authentication and applications in the cloud. Administrators can now tear down a user's access from a single location instead of entering each app to revoke it, greatly reducing the potential for human error.

This architecture lets organizations take a methodical, organized approach to cloud application migration: apps can move from on-premises to the cloud over time without a change of identity strategy, because the architecture itself is portable to the cloud. The combination enables simple, secure user access to applications regardless of location, while letting an organization leverage its existing on-premises directory as it continues its cloud migration. All of this makes the app and the data behind it more secure while enabling a true hybrid architecture for application access.

The close partnership between F5 and Microsoft, and the integration between F5 APM and Microsoft Azure Active Directory, will continue to deliver security and trusted access benefits for organizations worldwide.