Tag: AAD

  • F5 – AZURE AD – V16 INTEGRATION

    With the release of v16 of the Big-IP software, F5 has created a fully guided integration with Azure AD. This allows F5 administrators to publish their services directly into Azure AD, including assignment of the application to users and groups. This post goes over the step-by-step guide and shows you the field…

  • F5 – AZURE AD – ROLE assignments to Header based apps

    In a previous post I talked about using F5 in front of a header-based application using AAD as the identity provider. While we managed to convert claims into headers, we did not yet integrate the capability of user roles into the equation. Perhaps your application uses “roles” based on headers and users are assigned…

  • F5 – AZURE AD – RADIUS MFA AGENT – PART 2

    This post is the second in a short series that uses another Azure AD feature, the NPS agent that allows the Network Policy Server (RADIUS) in Windows Server to act as an MFA provider using Azure AD MFA. Read the first post at: https://blog.azureinfra.com/2020/05/28/f5-azure-ad-radius-mfa-agent-part-1/. The scenario is still a user logging into an F5…

  • F5 – Azure AD – Radius MFA agent – part 1

    I’ve posted a lot already on the integration between F5 APM and Azure AD to achieve SSO, improve the user experience and even link VPNs to Azure AD. This post is the first in a short series that uses another Azure AD feature, the NPS agent that allows the Network Policy Server (RADIUS) in Windows…

  • B2B USERS & INTERNAL APPS – MIM deployment

    In many of my previous posts I talked about B2B users being replicated to your own AD for guest users to be able to login to your backend (Kerberos) applications. This adding of guest users to your AD can be done using my PowerShell script, the MIM guide from Microsoft – although it seems to…

  • F5 – AAD – HEADER BASED – EXTERNAL ATTRIBUTES

    In earlier posts I talked about my favorite authentication protocol, ‘Kerberos’, but obviously there are many more authentication methods, such as header-based authentication. While we won’t be sending the password of users straight to the backend webserver, we can send additional information. Azure AD App Proxy in combination with Ping Access can already do…

  • F5 – AAD – VPN with MFA

    In earlier posts I talked about using F5 as a reverse proxy to Kerberos-based resources using Azure AD authentication. This post takes it a step further: creating an SSL VPN based on Azure AD identities with Conditional Access (if needed). So, the architecture: As you might have seen, there is no Active Directory in…

  • Delegated Windows Virtual Desktop Deployment

    When deploying Windows Virtual Desktop in Azure you can use all the administrative credentials you can find as per the guide. But what if you are in a more “regular” environment where you don’t have “Domain Admin” and “Global Admin” permissions? In that case, you follow this post where we will look at who needs…

  • B2B Users & INternal apps

    AAD B2B & AD KCD – AAD App Proxy. In a previous post I talked about using Azure AD App Proxy in combination with B2B accounts. This is to allow B2B invited guest users to be able to connect to internal applications using Kerberos, without them knowing their sAMAccountName or password. In that post, I…

  • ImmutableID – mS-DS-ConsistencyGuid – AADSync

    Paul Williams talked in his blog about using another attribute from on-premises ADs to act as the ImmutableID for Azure Active Directory (http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/). While he made a very detailed blog entry on why and which attribute to choose, there wasn’t a guide on how to make this work in AADSync. [update 21-Aug-2017: The latest version of…