Manual Chapter : Configuring a subroutine for step-up authentication

Applies To:

  • BIG-IP APM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.6, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9

back-action Overview: Configuring step-up authentication

Updated Date: 04/30/2026

Configuring a subroutine for step-up authentication

For step-up authentication, you configure a per-request policy subroutine that performs authentication.

  1. On the Main tab, click Access > Profiles / Policies > Per-Request Policies.

    The Per-Request Policies screen opens.

  2. Create and then open a per-request policy for editing in the visual policy editor.

  3. Click the Add New Subroutine button.

    A popup screen opens.

  4. Select one of these subroutine templates:

    • LDAP Authentication - Includes a Logon Page followed by an LDAP Auth action, Pass and Fail terminals.
    • Confirm - Includes a Confirm Box where you can specify text and an icon that allows the user to continue or cancel the action.
    • Empty - Includes In and Out terminals only.

  5. Name the subroutine.

  6. Click Save.

    The popup screen closes. The subroutine, with the heading [+] Subroutine: Name, displays below the main editor.

  7. Expand the subroutine by clicking the [+] icon.

    If any item in the subroutine needs some configuration, a red asterisk displays by the item name.

  8. From the Authentication tab, select one of the available authentication methods. Configure the authentication agent with the information needed, such as the AAA server.

  9. Make any changes you want to the subroutine terminals:

    1. To add a terminal, click Edit Terminal and configure it.

    2. To change a terminal, click it and select another one.

The subroutine settings are configured using the default values.

Next, you can add the subroutine to the per-request policy.