Manual Chapter : Specifying how often a user must step up

Applies To:

BIG-IP APM

  • 15.0.0

Specifying how often a user must step up

You can configure Access Policy Manager (APM) so that step-up authentication runs periodically throughout a session. For example, you might want a user to re-authenticate every eight hours for access to a given application.
  1. For step-up authentication to run periodically, verify that the Maximum Session Timeout setting in the access profile is set to a value greater than zero. The default value is 604800 seconds (or 1 week).
    1. On the Main tab, select Access > Profiles / Policies > Access Profiles (Per-Session Policies).
    2. Click the name of the access profile you want to verify.
    3. In the Settings area, locate the Maximum Session Timeout setting.
    4. If it is set to 0, on the right of the screen select the Custom check box. In the Maximum Session Timeout field, type a value greater than 0, and at the bottom of the screen, click Update.
  2. To specify how long you want the user to retain access without needing to re-authenticate, update the Max Subsession Life (sec) setting:
    1. With the per-request policy open in the visual policy editor, expand the subroutine for editing.
    2. Click Subroutine Settings/Rename.
      A popup screen opens.
    3. In the Maximum Subsession Life (sec) field, type the number of seconds that you want users to retain access without needing to authenticate again.
      The default value is 900 (or 15 minutes).
  3. Click Save.
    The popup screen closes.