Manual Chapter : Implementing APM System Authentication

Applies To:

  • BIG-IP AAM

    15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP APM

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP Analytics

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP Link Controller

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP LTM

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP PEM

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP AFM

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP DNS

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

  • BIG-IP ASM

    16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

Implementing APM System Authentication

As an administrator in a large computing environment, you might prefer to store user accounts remotely, on a dedicated authentication server. When you want to use a remote server to authenticate traffic that manages a BIG-IP system, you can store BIG-IP system administrative accounts on an AAA server. BIG-IP APM® supports AAA servers such as HTTP, LDAP, RADIUS, Active Directory, and TACACS+. To complete the authentication process, you must add the newly configured AAA action to an access policy. You can find more information about AAA authentication and access policies in BIG-IP Access Policy Manager: Single Sign-On Concepts and Configuration and BIG-IP Access Policy Manager: Visual Policy Editor.

Important: System authentication using APM methods will not work if the user name and password contains Unicode characters (for example, Chinese characters) or the symbols ampersand (&), colon (:), less than (<), and apostrophe (').

Before you begin:

  • Verify that the BIG-IP system user accounts have been created on the remote authentication server.
  • Verify that the appropriate user groups, if any, are defined on the remote authentication server.

You can configure the BIG-IP system to use an APM server for authenticating BIG-IP system user accounts, that is, traffic that passes through the management interface (MGMT).

  1. On the Main tab, click System > Users.

  2. On the menu bar, click Authentication.

  3. Click Change.

  4. From the User Directory list, select Remote - APM Based.

  5. For the Access Profile setting, click the + button.

    The screen refreshes to show general properties.

  6. In the Name field, type a name for the access profile.

    Note: A access profile name must be unique among all access profile and any per-request policy names.

  7. From the Default Language list, select a language.

    The default is English (en).

  8. From the Authentication Type list, select the type of authentication for the APM based remote user authentication.

    The screen refreshes to show areas and settings specific to the authentication type.

  9. Fill in the fields.

  10. Click Finished.

You can now authenticate administrative traffic for user accounts that are stored on a remote APM server. If you have no need to configure group-based user authorization, your configuration tasks are complete.

This is an example of an access policy with all the associated elements that are needed to authenticate and authorize your users with LDAP authentication.

Example of an access policy for LDAP Auth