Manual Chapter:
OIDC Support in F5 Access Android
Applies To:
BIG-IP APM
- 21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
About OIDC Support in F5 Access Android
F5 Access for Android supports OIDC from client version 3.2.0 onward, with BIG-IP version 21.0.0 or later.
F5 Access for Android supports OpenID Connect (OIDC) authentication using the device's default browser. Because sign-in happens in the system browser rather than inside the app, the identity provider can use the browser's FIDO2/WebAuthn support, which enables password-less authentication and modern MFA with FIDO2 security keys.
Administrators configure the OIDC provider, client credentials, and OAuth scopes in the BIG-IP connectivity profile. These settings are pushed to the client, which opens the authorization request in the default browser; users complete sign-in with the identity provider, and the browser returns them to F5 Access, which then establishes the VPN connection.
OIDC support provides a consistent authentication experience by enabling two-factor verification and Single Sign-On across the browser and F5 Access. It provides:
- Password-less authentication and MFA using FIDO2 keys (for example, a YubiKey).
- Single Sign-On between F5 Access and other enterprise apps that share a common IdP.
Beginning with BIG-IP version 16.0.0, the connectivity profile has optional OAuth settings in which administrators specify the OIDC authorization server's discovery endpoint, the Client ID, the Scopes, and the Complete Redirection URI. Refer to BIG-IP Access Policy Manager: OAuth Concepts and Configuration for more details.
For security reasons, when configuring OAuth settings, ensure that a BIG-IP local traffic policy enforces HTTPS for the virtual server by redirecting HTTP requests to HTTPS, so that the client never reaches the virtual server over plaintext HTTP. Refer to RFC 6749, The OAuth 2.0 Authorization Framework, and the OpenID Connect Core 1.0 specification for details of the underlying protocols.
OIDC authentication in F5 Access requires BIG-IP 21.0.0 or later. You must also:
- Enable PKCE (Proof Key for Code Exchange).
- Enable Web Logon. You can do this in one of the following ways:
  - Enable Web Logon when adding the configuration in the F5 Access client.
  - Use MDM to push a configuration that enables Web Logon.
- Add the URI f5-oauth://redirect to the redirect URIs configured on the IdP.
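The following is an added example, not code from F5 Access or BIG-IP, that models the exchange the OAuth settings above configure and the PKCE and redirect-URI requirements listed here: a client that reads a discovery document, generates an S256 PKCE pair, sends the browser to the authorization endpoint with f5-oauth://redirect as the redirect URI, and an in-process stand-in for the IdP that enforces exact-match redirect registration, single-use codes, and the code_verifier check. The discovery document is constructed; idp.example.com, the client ID f5-access-android, and the scopes are hypothetical values, and FakeIdP is a simulation rather than a real provider.

```python
import base64
import hashlib
import json
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed discovery document standing in for the configured discovery
# endpoint's response; the idp.example.com host, client ID and scopes below are
# hypothetical. The redirect URI is the one the page says to register at the IdP.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "code_challenge_methods_supported": ["S256"]})
CLIENT_ID = "f5-access-android"
SCOPES = "openid profile"
REDIRECT_URI = "f5-oauth://redirect"

def b64url(data):
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def load_discovery(doc):
    """Parse the discovery document; refuse IdPs lacking S256 or using http."""
    meta = json.loads(doc)
    if "S256" not in meta.get("code_challenge_methods_supported", []):
        raise ValueError("IdP does not advertise S256 PKCE")
    for key in ("authorization_endpoint", "token_endpoint"):
        if not meta[key].startswith("https://"):
            raise ValueError(key + " must use https")
    return meta

def make_pkce():
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = b64url(os.urandom(32))  # 43 chars, inside the 43..128 range
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorization_url(meta, challenge, state):
    """The request F5 Access hands to the default browser."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": SCOPES, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return meta["authorization_endpoint"] + "?" + urlencode(params)

def query_of(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

class FakeIdP:
    """IdP side: exact-match redirect registry, single-use codes, PKCE check."""
    def __init__(self, registered_redirects):
        self.registered = set(registered_redirects)
        self.codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, url):
        q = query_of(url)
        # Exact string comparison: no prefix, wildcard or trailing-slash match.
        if q.get("redirect_uri") not in self.registered:
            raise PermissionError("redirect_uri not registered")
        if q.get("code_challenge_method") != "S256" or not q.get("code_challenge"):
            raise PermissionError("PKCE S256 required")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], q["redirect_uri"], q["code_challenge"])
        # The browser delivers this custom-scheme URL back to the app.
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, code, client_id, redirect_uri, verifier):
        entry = self.codes.pop(code, None)  # each code is redeemable once
        if entry is None:
            raise PermissionError("unknown or reused code")
        expected = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
        if entry[:2] != (client_id, redirect_uri) or not secrets.compare_digest(expected, entry[2]):
            raise PermissionError("PKCE verification failed")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}

def run_flow(idp, verifier_override=None):
    """Client side end to end; verifier_override models a party that captured
    the code (e.g. a rogue app claiming the f5-oauth scheme) but not the verifier."""
    meta = load_discovery(DISCOVERY_JSON)
    verifier, challenge = make_pkce()
    state = secrets.token_urlsafe(8)
    q = query_of(idp.authorize(build_authorization_url(meta, challenge, state)))
    if q.get("state") != state:
        raise PermissionError("state mismatch")
    return idp.token(q["code"], CLIENT_ID, REDIRECT_URI, verifier_override or verifier)

def token_issued(idp, **kw):
    """True if the flow ends with a bearer token, False if the IdP refused."""
    try:
        return run_flow(idp, **kw)["token_type"] == "Bearer"
    except PermissionError:
        return False

def demo():
    return {
        "happy_path": token_issued(FakeIdP([REDIRECT_URI])),
        "stolen_code_wrong_verifier": token_issued(FakeIdP([REDIRECT_URI]), verifier_override="x" * 43),
        "unregistered_redirect": token_issued(FakeIdP(["f5-oauth://redirect/"])),
    }  # -> {'happy_path': True, 'stolen_code_wrong_verifier': False, 'unregistered_redirect': False}
```

Calling demo() returns True for the normal flow and False for the two refusals. Those refusals are why the requirements above matter: a custom scheme such as f5-oauth:// can in principle be claimed by another app on the device, so a party that intercepts the authorization code still cannot redeem it without the code_verifier, and exact-match registration at the IdP rejects any redirect URI other than the one F5 Access uses, trailing slash included.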