Manual Chapter : Step-up authentication configuration basics

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Manual Chapter

Step-up authentication configuration basics

You need to create these configuration objects and settings to implement step-up authentication.
Access profile
The primary use for step-up authentication is to protect resources in a portal access or web access management (reverse proxy) configuration. You can use step-up authentication with all access profile types.
Per-session policy
A per-session policy, also known as an access policy, can include authentication or not. The policy can be as simple as Start-Allow, or it can be very complex.
Per-request policy
A policy that runs for each request throughout a session. It must include a call to the step-up authentication subroutine, and can include logic that determines when to call the step-up authentication subroutine. Unless the gating criteria for the step-up authentication subroutine is set to blank, or to a variable that gets populated automatically, the per-request policy must contain an agent to populate the gating criteria.
Per-request policy subroutine
Part of a per-request policy in which you configure a type of authentication to use for step-up authentication.
Per-request policy subroutine gating criteria setting
A setting that is blank or contains a perflow variable that specifies a distinct value that represents a reason to run step-up authentication.