Simplifying Centralized Access Configuration for Classic and Custom Applications

Applications today can be hosted virtually anywhere: in the public cloud; in data centers, whether on-premises or collocated; and any place in between. They also need to be accessible from anywhere at any time, so your users can be productive.

Applications hosted anywhere and accessible from everywhere increase the attack surface for your organization and users. They also create enormous complexity for administration and drastically increase operating expenses.

For most organizations, access to and authentication for users’ many applications cannot be centralized. While many applications have migrated to public clouds or have been replaced by SaaS, most mission-critical applications—like classic commercial and custom applications—are not migrated to the cloud due to various risks. This represents a problem to modern security models applied to all applications, such as the zero trust model.

Classic and custom applications typically do not support modern authentication standards and protocols. Support for identity federation and single sign-on (SSO) is also often unavailable, and many cannot support multi-factor authentication (MFA), either. This means your organization must manage multiple points and methods of user authentication while users must manage different credentials and various forms of authentication and access for different applications. This creates a complicated, confusing experience for employees and contractors, an increased workload for your administrators, and rising IT support costs. Perhaps more importantly, it also limits your organization’s efficiency in responding to the demands of the modern marketplace.

BIG-IP Access Policy Manager (APM) is F5’s secure, highly-scalable access management proxy solution that enables centralized global access control for users, devices, applications, and APIs. Azure Active Directory (AD) is Microsoft’s comprehensive cloud-based identity platform.

Working in concert, BIG-IP APM and Azure AD combine to enable seamless, secure access to all applications, regardless of where they’re hosted—in the public cloud, as native cloud or SaaS applications, on-premises in a data center, or in a private cloud. This integrated solution simplifies application access for your employees and contractors, greatly improving their experience while significantly reducing application access security risks to your business. It allows employees and contractors to securely access all authorized applications, whether those applications support modern authentication standards and protocols or classic authentication methods, such as Kerberos or header-based methods. The integrated solution:

• Delivers a trusted identity source in Azure AD using identity as a service (IDaaS).
• Centralizes application access control with BIG-IP APM.
• Boosts the user experience via identity federation and SSO.
• Furthers application security via MFA for all applications, including mission-critical classic and custom applications.

But what about the administrative experience with this solution?

The escalating number and use of applications within your organization drives a need to simplify secure application access setup and deployment, reduce the resulting management overhead, and provide your administrators an improved and streamlined experience. The new integration of BIG-IP APM and Azure AD addresses this need.

The implementation and administration of application access with BIG-IP APM is greatly simplified with use of its Access Guided Configuration (AGC), which guides your administrators step-by-step through the setup and deployment of BIG-IP APM, reducing time and cost.

The BIG-IP APM AGC empowers your administrators to quickly, easily configure and onboard generic classic and custom applications. In addition, the AGC offers setup and configuration guidance for BIG-IP APM and Azure AD for specific classic applications, including SAP® ERP software and Oracle® PeopleSoft applications. This directed process, which reduces the administrative time required by about 75 percent, eliminates much of the complexity previously required to bridge the gap between access to applications supporting modern authentication and those apps that do not or cannot.

The creation and management of access policies for SAP ERP and Oracle PeopleSoft are integrated directly into the BIG-IP APM AGC console. Your administrators only have to click on the appropriate icon in AGC to be walked through the complete installation of the integrated Azure AD and BIG-IP APM solution for SAP ERP or Oracle PeopleSoft. Then they need only to click Deploy in AGC to federate user identities for SAP ERP or Oracle PeopleSoft—in addition to the cloud and SaaS applications those users are authorized to access. This enables identity federation and SSO to all apps, even those that didn’t previously support either, while strengthening security by enabling MFA for all applications.

By deploying the seamlessly integrated F5 BIG-IP APM and Microsoft Azure Active Directory solution, your organization can:

• Extend identity federation to all applications—regardless of location or authorization type.
• Unify user application access through a single login via SSO.
• Amplify security for all applications, even if they previously could not support enhanced security like MFA.

You’re also able to more easily and quickly configure and deploy these capabilities for mission-critical classic applications, like SAP ERP and Oracle PeopleSoft. The results reduce expenses and, most importantly, save the precious time of technical resources for assignment to more vital projects.