NimbostratusHello,
I have an access policy for webmail where i have configured OTP to sms if user is member of a spesific AD group and OTP to email if user is member of another AD group.
Is it possible to have BIG IP APM to send OTP to both sms and email if user is member of both group?
NimbostratusHow do you send out the OTP, using HTTP Auth? If yes, I think you can call twice or can pass extra POST variable.
Nimbostratushi ,
you will need to add an additional branch in the AD Query [if user is member of group-1 AND group-2]
how the OTP will be generated ? you need to have 3rd-party application to generate OTP for AD users [like RSA or mi-token] then F5-APM will send the use's login details to the OTP 3rd-party server as RADIUS authentication [by replacing the raduis password by AD-user-attributes like mobile phone number] . then the OTP server need to have SMS functionality to send the OTP to the SMS-server using HTTP Auth .
APM can't send the OTP to the SMS server , APM will pass the user-details from the login page to OTP server , OTP server will send the OTP to SMS-server .
APM will be able to send simple messages like successfully logged on or login-attempt-failure directly to the SMS server using HTTP Auth .
NimbostratusSolved.
I just placed OTP send to sms and email after eachother in editor.