Use the email address registered in Active Directory for F5 BIG IP APM OTP authentication

Question

I'm having trouble setting up the F5 BIG-IP APM

I would like to use the OTP authentication function that F5 BIG-IP APM has as standard.

I want to send the OTP to the email address of the mobile phone registered in Active Directory.

Has anyone ever made such a setting?

please give me your wisdom.

Best regards

dario_garrido · Answer

Hello Keigo.

Which DB do you expect to find your email address?

Usually, people stores email and phone information in the AD and APM can get both using a LDAP query.

VPE policy should look like this:

- LDAP query to get email

- Generate OTP code

- Send an email with the previous code

- Use a logon page to ask for that code

- Verify the code

Regards,

Dario.

Forum Discussion