Manual Chapter: About ephemeral authentication
Applies To:
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
About ephemeral authentication
The Privileged User Access licence lets you create an Ephemeral Authentication server
that generates and manages temporary or ephemeral passwords. Access
Policy Manager (APM) acts as the Ephemeral Authentication server to ensure a secure end-to-end
encrypted connection while eliminating the possibility of credential reuse. The Ephemeral
Authentication server includes the access profile/policy that authenticates the end user and
contains the webtop resources for ephemeral authentication (so the server also acts as a
webtop proxy). The Ephemeral Authentication server can also extend APM Single Sign On (SSO)
functionality to forward ephemeral passwords while clients are accessing a resource.
Ephemeral authentication uses a temporary password to authenticate to systems that may
authenticate using only a username and password. The technology exists on the BIG-IP system working with APM
to provide a secure end-to-end connection. In this way, the BIG-IP system becomes an
authentication server for legacy systems.
The administrator or client never sees the ephemeral password. This allows
APM to provide multifactor authentication or CAC to any system, including those that require a
username and password for authentication.