Great video! That Lightboard tech is awesome! Can you explain how the APM is able to block Internet / Extranet access to an RPT configured on the AD FS farm? For example, if I wanted to use the APM module for external access but there were certain Web applications configured in the AD FS farm that I only wanted to be accessible on the internal network. Thanks!
Hi Todd...great question! This access is actually configured on the AD FS farm and not the APM. And, the APM knows if a user is internal or external based on the support of APM and Microsoft Active Directory Federation Services and Proxy Integration Protocol. Here's a quick blog writeup that explains it a little more: www.f5.com/company/blog/identity-federation-and-sso-for-microsoft-and-f5-customers
Hope this helps!
What form would the 'token' come into the Office 365 gateway? Would this be like, a SAML assertion coming from the F5 (set up as an IdP in this case)?
Hi Matt...great question! The "token" would likely come from the AD FS server and could certainly be in the form of a SAML assertion. You could also use other proprietary Microsoft technology like WS-Federation. As for the BIG-IP, it can certainly be set up as an IdP (or even an SP), but in this architecture, it would likely be used for load balancing and proxy services. But, lots of options are available depending on your specific needs.
Here's a Microsoft article that describes Federation with AD FS in a little more detail: docs.microsoft.com/en-us/azure/architecture/multitenant-identity/adfs
Let me be clear first. I like F5, but it does not magically make accessing O365 easier. First, it is not complicated like he said; there are plenty of resources that explain how it is very easy to set up O365 with ADFS for free with just a Windows Server license, without F5. F5 is not cheap at all. I like F5, I use F5, but I would never, never buy it just for O365. It works for more complicated situations, not simple, straightforward ones like O365.