Manual Chapter : Access Policy Manager configuration tips

Applies To:

Show Versions Show Versions


  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Access Policy Manager configuration tips

The following table provides tips for setting up F5 Access for devices.
Client endpoint checks
Client end-point checks are not currently supported.
Require Device Authentication
For devices with iOS 9 or later, F5 Access can require device authentication with one of the device locking methods, including biometric authentication (Touch ID), a PIN, or a passphrase. To enable device authentication for F5 Access, in the
Connectivity Profile
iOS Edge Client
, enable the options
Allow Password Caching
Require Device Authentication
Password caching policy
  • In the Connectivity profile, you can configure password caching by enabling the setting
    Allow Password Caching
    . When this setting is enabled, after a successful logon the submitted credentials are cached.
  • Specify a
    Save Password Method
    • If you select
      , an encrypted password is cached on the device with no expiration time.
    • If you select
      , an encrypted password is cached on the device for the time specified in the
      Password Cache Expiration (minutes)
  • Credentials are not cleared if the user disconnects or restarts the device.
  • If credentials are cached and the
    Save Password Method
    , then credentials are cached until one of the following events occurs:
    • The specified credential cache duration expires.
    • The server address of the configuration within the application changes.
    • The username of the configuration within the application changes.
    • The F5Access user switches between configurations.
  • To require the user to authenticate on the device before unlocking the cached credentials, select
    Require Device Authentication.
Enforce Logon Mode
You can enforce the logon mode for the iOS client. In the Connectivity Profile, select
iOS Edge Client
, and click
Enforce Logon Mode
. Select
and click
. The logon mode will be enforced for all clients that use the connectivity profile.
Client certificates
Client certificate authentication is supported, either with a certificate alone or with a certificate secured with a user name and password.
On-Demand Cert Auth
If used, the
On-Demand Cert Auth
action must be placed after other authentication actions in the access policy.