Manual Chapter :
Step-up authentication configuration
basics
Applies To:
Show VersionsBIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Step-up authentication configuration
basics
You need to create these configuration objects and settings to implement
step-up authentication.
- Access profile
- The primary use for step-up authentication is to protect resources in a portal access or web access management (reverse proxy) configuration. You can use step-up authentication with all access profile types.
- Per-session policy
- A per-session policy, also known as an access policy, can include authentication or not. The policy can be as simple as Start-Allow, or it can be very complex.
- Per-request policy
- A policy that runs for each request throughout a session. It must include a call to the step-up authentication subroutine, and can include logic that determines when to call the step-up authentication subroutine. Unless the gating criteria for the step-up authentication subroutine is set to blank, or to a variable that gets populated automatically, the per-request policy must contain an agent to populate the gating criteria.
- Per-request policy subroutine
- Part of a per-request policy in which you configure a type of authentication to use for step-up authentication.
- Per-request policy subroutine gating criteria setting
- A setting that is blank or contains a perflow variable that specifies a distinct value that represents a reason to run step-up authentication.