Hi all -
This post from 2014 is what I'm looking for an update for in v 11.5.
Is there a way to customize the logon page? It's the same use case as the linked article. We have a general logon page and a subsequent challenge response page.
Are there options to customize both logon pages? Think of something along the lines of replacing the out-of-the-boxo F5 pages with something like Google's initial and 2FA logon pages.
We do not have a CMS to host the webpage on and are looking to host it locally on the F5.
Not sure if this is technically possible but wanted to reach out to see if the F5 community could help.
Thanks in advance!
This past summer we implemented F5 Access Policy Manager (APM) for our first project. One of the project goals was to have a consistent (as much as possible) user experience for logins using our existing authentication system and multi-factor authentication through our contracted service provider.
There was a good amount of trial and error, but we eventually achieved our goal of a 99% identical logon page look and feel for our users. It is important to note the recommendations of F5 to NOT change any of the existing CSS classes, but to create your own.
Thanks, Troy! Appreciate the response.
Question regarding your project: How many login steps do you require users to authenticate prior to accessing the resource? We are facing the issue when users are taken to the challenge response (two-step) page as the webpage does not render the challenge statement (ex.: enter OTP here xyz).
We were able to use the Advanced section to customize our initial login page but we're seeing that customization is moot and broken in light of the secondary step.
Have you done this as well?
We have our password and MFA on the same page, although I've thought about separating them out, we haven't yet.
Interesting. Can I ask what you're using as the MFA platform?
Our AP requires a successful initial auth prior to taking the user to the MFA page. These are two separate webpages that the user pass through prior to accessing the resource.
Your implementation sounds like you have one webpage and has three fields for:
MFA code: ______________
If so, how does the system know which system (ex.: initial auth w/ AD; secondary w/ MFA system) to auth the user against?
I'm not comfortable listing our MFA solution on this public forum at this time. However I can share this, our authentication page looks similar to what you have above and you list two example auths, so I'll use those.
You could create a logon page that has all three fields. Upon submission the first macro could be your Active Directory authentication. If that Active Directory authentication macro is successful then that success branch could next be your MFA authentication macro. If that one is also success then the user could be presented the resources.