SQL database is not a supported APM AAA object so APM would have no native way to verify the user's identity. That being said, I have customers that write a simple HTTP Basic authentication app that can front-end the SQL DB and allow APM to use HTTP based authentication.
IF you go down that route the user would 1st authenticate to APM and then F5 would SSO to your portal. When the user clicks on a link in your portal that link can be one of two things:
1) Link to an SP initiated SAML login
2) Link to an IdP initiated SAML login
This really depends upon what features your external applications support.
My recommendation would be to contact your local F5 sales team and have an architecture discussion with them so they can help you with the design.