Manual Chapter : Access Policy Manager configuration tips

Applies To:

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4

The following table provides tips for setting up F5 Access for devices.
Feature
Information
Client endpoint checks
Client endpoint checks are not currently supported.
Require Device Authentication
For devices with iOS 9 or later, F5 Access can require device authentication with one of the device locking methods, including biometric authentication (Touch ID), a PIN, or a passphrase. To enable device authentication for F5 Access, in the Connectivity Profile under iOS Edge Client, enable the options Allow Password Caching and Require Device Authentication.
Password caching policy
  • In the Connectivity profile, you can configure password caching by enabling the setting Allow Password Caching. When this setting is enabled, after a successful logon the submitted credentials are cached.
  • Specify a Save Password Method.
    • If you select disk, an encrypted password is cached on the device with no expiration time.
    • If you select memory, an encrypted password is cached on the device for the time specified in the Password Cache Expiration (minutes) field.
  • Credentials are not cleared if the user disconnects or restarts the device.
  • If credentials are cached and the Save Password Method is memory, then credentials are cached until one of the following events occurs:
    • The specified credential cache duration expires.
    • The server address of the configuration within the application changes.
    • The username of the configuration within the application changes.
    • The F5 Access user switches between configurations.
  • To require the user to authenticate on the device before unlocking the cached credentials, select Require Device Authentication.
Enforce Logon Mode
You can enforce the logon mode for the iOS client. In the Connectivity Profile, select iOS Edge Client, and click Enforce Logon Mode. Select Native or Web and click OK. The logon mode will be enforced for all clients that use the connectivity profile.
Client certificates
Client certificate authentication is supported, either with a certificate alone or with a certificate secured with a user name and password.
On-Demand Cert Auth
If used, the On-Demand Cert Auth action must be placed after other authentication actions in the access policy.