customize logon page

Question

Hi all -
This post from 2014 is what I'm looking for an update for in v 11.5.&nbsp;
Is there a way to customize the logon page?  It's the same use case as the linked article.  We have a general logon page and a subsequent challenge response page. 
Are there options to customize both logon pages?  Think of something along the lines of replacing the out-of-the-boxo F5 pages with something like Google's initial and 2FA logon pages. &nbsp;
We do not have a CMS to host the webpage on and are looking to host it locally on the F5.
Not sure if this is technically possible but wanted to reach out to see if the F5 community could help.
Thanks in advance!&nbsp;

troy_murray_196 · Answer

This past summer we implemented F5 Access Policy Manager (APM) for our first project. One of the project goals was to have a consistent (as much as possible) user experience for logins using our existing authentication system and multi-factor authentication through our contracted service provider. &nbsp;
With the HTML / CSS / JavaScript templates from our front-end team we were able to integrate these into our Access Policy using the Advanced area under&nbsp;
Access PolicyCustomizationAdvancedAccess Profiles(your policy name)Access PolicyLogon Pages(logon page macro name)
There was a good amount of trial and error, but we eventually achieved our goal of a 99% identical logon page look and feel for our users. It is important to note the recommendations of F5 to NOT change any of the existing CSS classes, but to create your own.&nbsp;

han5rt8d_255517 · Answer

Thanks, Troy!  Appreciate the response.&nbsp;
Question regarding your project: How many login steps do you require users to authenticate prior to accessing the resource?  We are facing the issue when users are taken to the challenge response (two-step) page as the webpage does not render the challenge statement (ex.: enter OTP here xyz). &nbsp;
We were able to use the Advanced section to customize our initial login page but we're seeing that customization is moot and broken in light of the secondary step. &nbsp;
Have you done this as well?  &nbsp;

troy_murray_196 · Answer

We have our password and MFA on the same page, although I've thought about separating them out, we haven't yet.&nbsp;

han5rt8d_255517 · Answer

Interesting. Can I ask what you're using as the MFA platform? &nbsp;
Our AP requires a successful initial auth prior to taking the user to the MFA page.  These are two separate webpages that the user pass through prior to accessing the resource.  
&nbsp;
Your implementation sounds like you have one webpage and has three fields for: &nbsp;
Username: ____________&nbsp;
Password: ______________&nbsp;
MFA code: ______________&nbsp;
If so, how does the system know which system (ex.: initial auth w/ AD; secondary w/ MFA system) to auth the user against? &nbsp;

troy_murray_196 · Answer

I'm not comfortable listing our MFA solution on this public forum at this time. However I can share this, our authentication page looks similar to what you have above and you list two example auths, so I'll use those.&nbsp;
You could create a logon page that has all three fields. Upon submission the first macro could be your Active Directory authentication. If that Active Directory authentication macro is successful then that success branch could next be your MFA authentication macro. If that one is also success then the user could be presented the resources.&nbsp;

Forum Discussion

customize logon page

5 Replies

Recent Discussions

Stable Firmware for F5

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

Related Content

custom response page for api

BIG-IP APM - Customized Logon Page

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

Custom APM Logon page Access policy evaluation is already in progress for your current session

Customizing APM end user login page with APM Advanced Customization Templates