Manual Chapter :
Creating a logon page for MFA in a subroutine
Applies To:
Show Versions
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Creating a logon page for MFA in a subroutine
You should have created a subroutine with the
variable assign agent to collect
subsession.logon.last.username
and assign it to the session variable
last.subsession.logon.last.logonname
. Start this task in this
subroutine.The logon page presents the user with a
choice to type a onetime passcode or to get a push notification.
- In the subroutine, after the Variable Assign agent, click the plus to add a new item.
- On theLogontab, clickLogon Pageand clickAdd Item.
- Specify the following settings for the Logon Page item.ItemTypePost variableSession variableOther configuration1textusernameusername2nonepasswordpassword3selectfactorTypefactorTypeClickValuesand specify two options:pushandotp. Specify names for identification.4textmfaTokenmfaTokenThis example shows the logon page item configuration.
- Click theBranch Rulestab and clickAdd Branch Rule.
- Name the branch rule for the push notification, for examplePush Selected.
- Next toExpression: emptyclickchange.
- ClickAdvanced.
- Type the expression for push notifications:expr { [mcget {subsession.logon.last.factorType}] == "push" }.
- ClickFinished.
- ClickAdd Branch Rule.
- Name the branch rule for the one time passcode, for exampleOTP Selected.
- Next toExpression: emptyclickchange.
- ClickAdvanced.
- Type the expression for push notifications:expr { [mcget {subsession.logon.last.factorType}] == "otp" }.
- ClickFinished.
- ClickSave.
- Assign success and failure terminals to the branches.
Continue with the configuration of the
subroutine.
