SSO network access

Question

Hello, I searched other topics but i didn't find any solution for my problem.&nbsp;
We have SSL VPN configured for our employees. We have a login and password with a TOTP (Time-based One-time Password Algorithm) security code configured to access inside. (Image 1)&nbsp;
&nbsp;
One time you are logged, we have a menu with differents links to differents virtual servers (Sharepoint, VPN,...), with differents Access Profiles, depending of the grade and group of the employee, but that requieres loggin another time with the same credentials (but not with the TOTP code) in every single virtual server/link (that has their own Access Profiles as I said) (Image 2).&nbsp;
&nbsp;
I think the best way to do that is making some type of iRule, store the credentials the first time (only user and password), auto logon and automaticaly making the access, but I'm not really sure. I don't know if there is any other way.&nbsp;
Any idea can be useful.&nbsp;
Thank you.&nbsp;

thomas_gobet · Answer

APM integrates SSO functionnality.&nbsp;
You can create a SSO configuration into Access Policy (HTTP Basic, NTMLv1 or v2, Kerberos, Forms, SAML).&nbsp;
This link could be helpful : APM_config_sso&nbsp;
Just in case you want to use variables somewhere else : &nbsp;
* username is stored into : session.logon.last.username&nbsp;
* password   : session.logon.last.password  &nbsp;

matt_dierick · Answer

Be careful, in this case, portal web resources are linked with a second and different Access Policy. So the browser will present his first APM cookie to the second Access Policy.&nbsp;
The second access policy will not request any credential and will grant access the connection (not a new). I'm not sure if we support such a solution.&nbsp;
The best solution should be to use only one VS for APM (your access policy) and use SSO in this Access Policy.&nbsp;
Let us know if we wrong or if you want more information.&nbsp;
Matt&nbsp;

Forum Discussion

SSO network access

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Enhanced Modern Applications and MicroServices SSO with NGINX

Secure Modern Applications and MicroServices SSO with NGINX

F5 Network Map to Json with Python

WebEX SSO integration