Manual Chapter : Overview: Using ephemeral authentication to secure privileged user access

Applies To:


BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0

Overview: Using ephemeral authentication to secure privileged user access

Security breaches are a constant threat to companies, government agencies, information systems, and all organizations accessible from the Internet. These breaches can result in unauthorized access to data, applications, services, networks, and devices. Malicious actors persistently attack by circumventing security mechanisms, particularly those in place for privileged users, such as system and network administrators. As a result, traditional user name and password access to administrative resources is a major security vulnerability in our networks today.
Access Policy Manager (APM) provides Privileged User Access so that you can add Common Access Card (CAC) authentication, Personal Identity Verification (PIV), or another strong authentication method to network infrastructure for enhanced security. This solution integrates directly into DoD PKI systems and works cooperatively with existing RADIUS, TACACS, Active Directory, and a variety of third-party authentication databases.
Deployment of Privileged User Access requires a license and involves the configuration of these components:
  • Ephemeral Authentication Server
  • WebSSH Proxy
  • Authentication Server (for RADIUS and/or LDAP or LDAPS)
This document describes ephemeral authentication concepts and requirements, and provides two complete use cases:
  • Ephemeral Authentication using LDAP/LDAPS Proxy with WebSSH
  • Ephemeral Authentication using RADIUS Proxy with WebSSH