Manual Chapter : Assigning push and OTP variables for MFA in a subroutine

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Manual Chapter

Assigning push and OTP variables for MFA in a subroutine

You should have created the subroutine for MFA with a variable assign agent and logon page item as previously described. This task begins in the subroutine.
Assign the variables for the push and one time passcode to provide successful MFA in the per-request policy.
  1. On the Push branch following the logon page items, click plus.
  2. Click the
    Assignment
    tab, select
    Variable Assign
    , and click
    Add Item
    .
  3. Click
    Add new entry
    .
  4. On the left, select
    Custom Variable
    and type
    subsession.logon.last.password
    .
  5. On the right, select
    Text
    and type
    push
    .
  6. Click
    Finished
    .
  7. On the OTP branch, following the logon page items, click plus.
  8. Click the
    Assignment
    tab, select
    Variable Assign
    , and click
    Add Item
    .
  9. Click
    Add new entry
    .
  10. On the left, select
    Custom Variable
    and type
    subsession.logon.last.password
    .
  11. On the right, select
    Session Variable
    and type
    subsession.logon.last.mfaToken
    .
  12. Click
    Finished
    .
  13. Click
    Save
    .
  14. On both branches, add a RADIUS Auth item, and specify the RADIUS server.
  15. Add terminals for the branches.
    This example shows a completed subroutine for MFA with a one time passcode and push options.
The subroutine for MFA is created.
Add the subroutine to the per-request policy.