APM local user database and OTP

Question

Hi&nbsp;
Is there any way to add fields to the APM local user database? The local db was introduced back in 11.4 and it can have only user names, password and e-mail + group info. Is there any way to add more fields, like phone number for 2-factor authentication using built-in SMS OTP functionality?&nbsp;
This would be useful in certain situations for example giving stronger authentication for management access when normal authentication via AD is broken.&nbsp;
--THi&nbsp;

kevin_stewart · Answer

You can't add additional fields, but here's a thought. The group memberships section is really just arbitrary text, so you could add strings (as groups) like the following:
sms_123_456_7890

And then read them from the policy or iRules.
when ACCESS_ACL_ALLOWED {
    log local0. [ACCESS::session data get session.localdb.groups]
}

** where "session.localdb.groups" is the destination session variable in the VPE Local Database agent.

andrew_husking · Answer

I know it's not as pretty, but could you not use iRule datagroups to extend it as required?&nbsp;
Sadly we haven't gone to 11.4 yet so i haven't seen the new features.&nbsp;

Forum Discussion

APM local user database and OTP

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Edge to Pulse: IP Geolocation Database Migration

Living on the AWS Edge - Local Zones

Support Your Local User Groups

DEVCENTRAL END-USER LICENSE AGREEMENT

Creating local users when using Remote Authentication and unavailable login