APM with NTLM SSO

the first question with this is usually what do you want to exactly do? APM with NTLM SSO can mean two very different things, were one is easy and the other can require more config.

please explain what you want more extensive then APM with NTLM SSO. where are your clients, where are your servers, what user experience do you expect?

clear, so that is the "easy" variant of NTLM SSO. in principle you just have to add a SSO Credential Mapping VPE in your Policy (after your auth VPE) and add a NTLM SSO on your Access Profile (SSO / Auth Domains tab).

NTLM SSO also require variable session.logon.last.domain is defined as NT domain name

do a variable assign:

session.logon.last.domain = expr {"DOMAIN"}

Are you trying to do SSO over applications accessed over SSL VPN? If so, you need to create layered virtual server for the web application accessed.

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-1-0/5.html

Are you trying to do SSO over applications accessed over SSL VPN? If so, you need to create layered virtual server for the web application accessed.

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-1-0/5.html

If so, have to create a VIP matching the webapp IP address as explained in the Solution article.

Client <= via VPN tunnel => APM NA vs <--> layered VS <-> internal webapp server

1) One http virtual for APM network access