Manual Chapter : About ephemeral authentication

Applies To:

Show Versions Show Versions


  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Manual Chapter

About ephemeral authentication

The Privileged User Access licence lets you create an
Ephemeral Authentication server
that generates and manages temporary or ephemeral passwords. Access Policy Manager (APM) acts as the Ephemeral Authentication server to ensure a secure end-to-end encrypted connection while eliminating the possibility of credential reuse. The Ephemeral Authentication server includes the access profile/policy that authenticates the end user and contains the webtop resources for ephemeral authentication (so the server also acts as a
webtop proxy
The Ephemeral Authentication server can also extend APM Single Sign On (SSO) functionality to forward ephemeral passwords while clients are accessing a resource.
Ephemeral authentication uses a temporary password that may authenticate using only a username and password. The technology exists on the BIG-IP system working with APM to provide a secure end-to-end connection. In this way, the BIG-IP system becomes an authentication server for legacy systems.
The administrator or client never sees the ephemeral password. This allows APM to provide multifactor authentication or CAC to any system including those which require a user name and password for authentication.