Manual Chapter :
Adding primary authentication to a per-session policy
Applies To:
Show Versions
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Adding primary authentication to a per-session policy
Before you can configure a per-session policy
to use Active Directory authentication, you must have at least one Active Directory AAA
server configured.
This example describes how to add primary
authentication to the per-session policy by creating a logon page to obtain user
credentials and then authenticate the user against an external Active Directory server
before granting access. You can use other methods of authentication as long as your Okta
organization has user entries with the same primary authentication.
- On the Main tab, click .The Access Profiles (Per-Session Policies) screen opens.
- In the Per-Session Policy column, click theEditlink for the access profile you want to configure.The visual policy editor opens the access policy in a separate screen.
- Click the(+)icon anywhere in the access policy to add a new item.Only an applicable subset of access policy items is available for selection in the visual policy editor for any access profile type.A popup screen opens, listing predefined actions on tabs such as General Purpose, Authentication, and so on.
- On the Logon tab, selectLogon Pageand click theAdd Itembutton.The Logon Page Agent properties screen opens.
- Make any changes that you require to the logon page properties and clickSave.The properties screen closes and the policy displays.
- Right after the Logon Page, click the(+)icon.
- On the Authentication tab, selectAD Authand clickAdd Item.A Properties popup screen opens.
- From theServerlist, select the AAA Active Directory server to use for authentication.
- You can set other options, as needed, then clickSave.
- At the end of the Successful branch, clickDenyand change it toAllow.
This task adds a logon page and Active
Directory authentication to the per-session policy which looks like this: 
