Manual Chapter :
Reference
Applies To:
Show Versions
BIG-IQ Centralized Management
- 7.0.0, 6.1.0, 6.0.1
Reference
About iApps and Access
On a BIG-IP system, a configuration that is created using an iApp can be updated only by using the same iApp. Access does not support iApps®. Access does not import, manage, or deploy resources that were created using an iApp.
Shared configuration resources
The tables list configurations that are shared or can be made shared.
| Resource | Description |
|---|---|
| Policies | Access policies |
| Profiles | Properties for the session |
| CAPTCHA configurations | Specifies the CAPTCHA service |
| NTLM Auth Configuration | Used to authenticate Exchange applications |
| Resource | Description |
|---|---|
| RADIUS* | RADIUS accounting and RADIUS authentication |
| LDAP* | LDAP and LDAPs authentication; LDAP queries |
| Active Directory* | Active Directory authentication and query |
| Active Directory Trusted Domains | Authenticate users across all trusted domains or forests for a customer |
| SecurID* | RSA SecurID authentication |
| HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
| Oracle Access Manager* | Native integration with Oracle Access Manager |
| OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
| CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
| TACACS+* | TACACS+ authentication and accounting |
| Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
| SAML* | External SAML Identity Provider for the BIG-IP system, as a SAML service provider, to communicate with |
| Endpoint Management Systems* | Server properties |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| User-defined ACLs* | ACLs that users create |
| All ACLs* | The order of system-defined and user-defined ACLs |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| HTTP Basic | Single sign-on (SSO) using cached user identity and authorization header |
| NTLMV1 | Challenge-response; proves user identity without sending password to server |
| NTLMV2 | Challenge-response; proves user identity without sending password to server |
| Kerberos | Transparent authentication of users to Windows Web application servers (IIS) joined to Active Directory domain |
| Forms | Detects start URL match and uses cached user identity to construct and send HTTP form-based post request on behalf of the user |
| Forms - Client Initiated | Detects login page request, puts generated JavaScript code into login page, and returns it to client, where it is automatically submitted by the inserted JavaScript |
| SAML | SAML local Identity Provider (IdP) service is a type of SSO service that BIG-IP, configured as an IdP, provides |
| Resource | Description |
|---|---|
| Local SP Services | BIG-IP system as Service Provider (SP) provides SP services |
| External IdP Connectors | BIG-IP system as SP relies on external Identity Providers (IdPs) for authentication |
| Local IdP Services | BIG-IP system as IdP provides SSO authentication services |
| External SP Connectors | BIG-IP system as IdP works with external SPs |
| Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |
| BIG-IP IdP Automation | Supports configuration automation |
| SAML Resources | Resources to support the SAML configuration |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Manage Instances | Local user database instances |
| Resource | Description |
|---|---|
| Manage Files | Hosted content files |
| Manage Profile Access | Access control for hosted content files using access profiles |
| Resource | Description |
|---|---|
| Webtops | Webtop used in Portal Access or Network Access |
| Webtop Links | Links for inclusion on a webtop |
| Webtop Sections | Sections to organize content on a webtop |
| Resource | Description |
|---|---|
| URL Categories | URL categories |
| URL Filters | URL filters |
| Applications | System-defined list of applications |
| Application Filters | User-defined application filters |
| Report Settings | Sets up statistics (for use with SWG subscription service) |
| Resource | Description |
|---|---|
| Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
| Lease Pools* | IPV4 or IPV6 lease pools associate a group of IP addresses with a Network Access resource |
| Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |
| Client Rate Classes | Base and peak rates for traffic; associated with a client traffic classifier |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
| Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |
| VDI Profiles | Virtual desktop interface profile for a remote desktop configuration |
| Citrix Bundles | Hosted content used to deliver a Citrix Receiver client to a user's Windows computer |
| Microsoft Exchange | Profile for Microsoft Exchange application authentication |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |
| Rewrite profiles | An LTM profile treated as a shared resource |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Per-Request Policies | Policies that run for requests made after a session is established |
| Secure Connectivity | Connectivity profile for remote access |
| Event Logs Settings | Log settings for APM, components within APM, and SWG |
| Resource | Description |
|---|---|
| Policies | A resource configured outside of APM at the system level and that is treated as a shared resource in Access. |
| Priority Groups | A resource configured outside of APM at the system level and that is treated as a shared resource in Access. |
Device-specific configuration resources
Theses tables list device-specific resources.
| Resource | Description |
|---|---|
| RADIUS* | RADIUS accounting and RADIUS authentication |
| LDAP* | LDAP and LDAPs authentication; LDAP queries |
| Active Directory* | Active Directory authentication and query |
| SecurID* | RSA SecurID authentication |
| HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
| Oracle Access Manager* | Native integration with Oracle Access Manager |
| OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
| CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
| TACACS+* | TACACS+ authentication and accounting |
| Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
| SAML* | External SAML Identity Provider for the BIG-IP system, as a SAML service provider, to communicate with |
| Endpoint Management Systems* | Server properties |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| User-defined ACLs* | ACLs that users create |
| All ACLs* | The order of system-defined and user-defined ACLs |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
| Lease Pools* | IPV4 or IPV6 lease pools associate a group of IP addresses with a Network Access resource |
| Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
| Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |
| *This resource is device-specific but can be made shared |
| Resource | Description |
|---|---|
| Machine Account | For Microsoft Exchange clients that use NTLM authentication |
