Access Policy Manager (APM) follows the Microsoft specification [MS-ADFSPIP]: Active Directory Federation Services and Proxy Integration Protocol, so that APM can replace Microsoft Web Application Proxy (WAP) in the role of AD FS proxy. As part of this role, APM can be configured for client and device certificate authentication to AD FS. In addition, APM can secure browser access to AD FS with an access policy.
Access Policy Manager (APM) can act as an AD FS proxy for AD FS versions 3.0 (on Windows Server 2012 R2) and 4.0 (on Windows Server 2016).
You can register Access Policy Manager (APM) with Microsoft Active Directory Federation Services (AD FS) as an AD FS proxy. Your remote users then go through APM before reaching the AD FS server or AD FS farm.
You create a Client SSL profile when you want the BIG-IP system to authenticate and decrypt/encrypt client-side application traffic.
On an AD FS server, client certificate authentication enables a user to authenticate using, for example, a smart card. If your AD FS server (version 3.0 or 4.0) is configured to support client certificate authentication using an alternate port, you can use this implementation to enable an Access Policy Manager (APM) AD FS proxy to provide the same support.
If you have not already done so, configure APM as an AD FS proxy.
On an AD FS server, client certificate authentication enables a user to authenticate using, for example, a smart card. If your AD FS server (version 4.0) is configured to support client certificate authentication using an alternate hostname, you can use this implementation to enable an Access Policy Manager (APM) AD FS proxy to provide the same support.
If you have not already done so, configure APM as an AD FS proxy.
You can configure Access Policy Manager® (APM®) to proxy device certificate authentication for devices that have already registered with AD FS for Microsoft Workplace Join.
On an AD FS server, device registration enables Microsoft Workplace Join. If you have AD FS version 3.0, you can use this implementation to enable Access Policy Manager® (APM®) to support device registration.
If you have not already done so, configure APM as an AD FS proxy. Then complete these tasks.
To secure browser access to AD FS with an access policy, complete these tasks.
You associate the access profile with the virtual server so that the system can apply the profile to incoming traffic.