BIG-IP Access Policy Manager: Authentication Methods

Case Management

MY PRODUCTS & PLANS

Subscriptions

Product Usage

Trials

Registration Keys

Resources
Downloads
Licensing
Activate F5 product registration key
Ihealth
Verify the proper operation of your BIG-IP system

F5 University
Get up to speed with free self-paced courses
Devcentral
Join the community of 300,000+ technical peers

F5 Certification
Advance your career with F5 Certification
Product Manuals
Product Manuals and Release notes

Manual : BIG-IP Access Policy Manager: Authentication Methods

Applies To:

Show Versions

Show Versions

BIG-IP APM

17.0.0

Original Publication Date: 04/26/2022
Updated Date: 06/10/2025

Active Directory Authentication

About Active Directory authentication

About Active Directory password management

About AAA high availability

About how APM handles binary values in Active Directory attributes

Adding Active Directory authentication to an access policy

Test AAA high availability for supported authentication servers

Example access policy using Active Directory authentication and query

Importing Active Directory user groups

Active Directory authentication session variables

Active Directory cross-domain support rules

Active Directory authentication and query troubleshooting tips

Overview: Using Active Directory Trusted Domains

Active Directory Query

About Active Directory queries

About nested groups in Active Directory queries

About Active Directory password management

About how APM handles binary values in Active Directory attributes

Adding an Active Directory query to an access policy

Verify log settings for the access profile

Using AD query with IPv6

Active Directory query session variables

Active Directory authentication and query troubleshooting tips

LDAP and LDAPS Authentication

About LDAP and LDAPS authentication

About how APM handles binary values in LDAP attributes

About AAA high availability

Task summary for configuring for LDAPS authentication

Test AAA high availability for supported authentication servers

Example of LDAP auth and query default rules

Importing LDAP user groups

LDAP authentication session variables

UserDN settings in LDAP

LDAP authentication and query troubleshooting tips

About LDAP queries

About how APM handles binary values in LDAP attributes

Adding an LDAP query to an access policy

Verify log settings for the access profile

Example of LDAP auth and query default rules

Session variables in LDAP query properties

LDAP query session variables

LDAP authentication and query troubleshooting tips

RSA SecurID Authentication

About RSA SecurID authentication

About SecurID configuration requirements for APM AAA

About SecurID configuration requirements for high availability

Task summary for configuring for RSA SecurID authentication

Access policy example for RSA and AD authentication

RSA SecurID session variables for access policy rules

RSA SecurID on Windows using RADIUS configuration troubleshooting tips

About BIG-IP Edge Client RSA SecurID authentication

About RSA SecurID (with soft token) automation requirements

Task summary for configuring for RSA SecurID integration with APM

Access policy example for RSA SecurID software token integration

RADIUS Authentication

About RADIUS authentication

About AAA high availability

Guidelines for setting up RADIUS authentication for AAA high availability

About how APM handles binary values in RADIUS attributes

Configuring RADIUS authentication

Test AAA high availability for supported authentication servers

RADIUS attributes

RADIUS session variables for access policy rules

RADIUS authentication and accounting troubleshooting tips

RADIUS Accounting

About RADIUS accounting

About how APM handles binary values in RADIUS attributes

Configuring a RADIUS Accounting server in APM

Adding RADIUS accounting to an access policy

Verify log settings for the access profile

RADIUS authentication and accounting troubleshooting tips

Kerberos Authentication with End-User Logons

About basic authentication and Kerberos end-user logon

How does end-user logon work?

About Kerberos authentication requirements

Task summary for configuring end-user login support

Access policy example for end-user login

NTLM Authentication for Microsoft Exchange Clients

Overview: Configuring APM for Exchange clients that use NTLM authentication

HTTP Basic Authentication for Microsoft Exchange Clients

Overview: Configuring APM for Exchange clients that use HTTP Basic

HTTP and HTTPS Authentication

About HTTP AAA server authentication

Task summary for HTTP authentication

Overview: Configuring HTTPS authentication

Local User Database

Overview: Configuring and administering a local user database

Overview: Using a local user database to control authentication

Overview: Branching in an access policy based on local user database groups

OCSP Authentication

About OCSP authentication

Overview: Verifying machine certificate revocation status with OCSP

Overview: Verifying user certificate revocation status with OCSP

OCSP session variables

OCSP authentication troubleshooting tips

CRLDP Authentication

About CRLDP configuration

Configure an AAA server for CRLDP

Create an access profile

Verify log settings for the access profile

Configure an access policy that uses CRLDP authentication

Configure a client SSL profile for CRLDP

Add client-side SSL and access profiles to a virtual server

Test AAA high availability for supported authentication servers

On-Demand Certificate Authentication

Overview: Requesting and validating an SSL certificate on demand

Client Certificate Inspection

About client certificate inspection

Task summary for client certificate inspection

One-Time Password Authentication

Overview: Providing a one-time password using email

Overview: Providing a one-time password using an external SMS

TACACS+ Authentication and Accounting

About TACACS+ authentication and accounting

About AAA high availability

Task summary for TACACS+ authentication and accounting

Test AAA high availability for supported authentication servers

Example access policy for TACACS+ authentication and accounting

TACACS+ session variables for access policy rules

TACACS+ authentication troubleshooting tips

Step-Up Authentication with APM

What is step-up authentication?

Use cases for step-up authentication

Concepts to know for building step-up authentication policies

Authentication types APM supports for step-up authentication

Example: Step-up authentication at the application layer

Example: Step-up authentication for an IP address change

Session variables for more granular access control in step-up authentication

Step-up authentication configuration basics

Overview: Configuring step-up authentication