Manual Chapter: Reference
Applies To: BIG-IQ Centralized Management 5.2.0
About iApps and Access
On a BIG-IP® system, a configuration that is created using an iApp can be updated only by using the same iApp. Access does not support iApps®. Access does not import, manage, or deploy resources that were created using an iApp.
Shared configuration resources
The following tables list configurations that are shared or can be made shared.
Resource | Description |
---|---|
Policies | Access policies |
Profiles | Properties for the session |
CAPTCHA configurations | Specifies the CAPTCHA service |
NTLM Auth Configuration | Used to authenticate Exchange applications |
Resource | Description |
---|---|
RADIUS* | RADIUS accounting and RADIUS authentication |
LDAP* | LDAP and LDAPs authentication; LDAP queries |
Active Directory* | Active Directory authentication and query |
Active Directory Trusted Domains | Authenticate users across all trusted domains or forests for a customer |
SecurID* | RSA SecurID authentication |
HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
Oracle Access Manager* | Native integration with Oracle Access Manager |
OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
TACACS+* | TACACS+ authentication and accounting |
Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
SAML* | External SAML Identity Provider that the BIG-IP® system, acting as a SAML service provider, communicates with |
Endpoint Management Systems* | Server properties |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
User-defined ACLs* | ACLs that users create |
All ACLs* | The order of system-defined and user-defined ACLs |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
HTTP Basic | Single sign-on (SSO) using cached user identity and authorization header |
NTLMV1 | Challenge-response; proves user identity without sending password to server |
NTLMV2 | Challenge-response; proves user identity without sending password to server |
Kerberos | Transparent authentication of users to Windows Web application servers (IIS) joined to Active Directory domain |
Forms | Detects start URL match and uses cached user identity to construct and send HTTP form-based post request on behalf of the user |
Forms - Client Initiated | Detects login page request, puts generated JavaScript code into login page, and returns it to client, where it is automatically submitted by the inserted JavaScript |
SAML | SAML local Identity Provider (IdP) service is a type of SSO service that BIG-IP, configured as an IdP, provides |
Resource | Description |
---|---|
Local SP Services | BIG-IP system as Service Provider (SP) provides SP services |
External IdP Connectors | BIG-IP system as SP relies on external Identity Providers (IdPs) for authentication |
Local IdP Services | BIG-IP system as IdP provides SSO authentication services |
External SP Connectors | BIG-IP system as IdP works with external SPs |
Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |
BIG-IP IdP Automation | Supports configuration automation |
SAML Resources | Resources to support the SAML configuration |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Manage Instances | Local user database instances |
Resource | Description |
---|---|
Manage Files | Hosted content files |
Manage Profile Access | Access control for hosted content files using access profiles |
Resource | Description |
---|---|
Webtops | Webtop used in Portal Access or Network Access |
Webtop Links | Links for inclusion on a webtop |
Webtop Sections | Sections to organize content on a webtop |
Resource | Description |
---|---|
URL Categories | URL categories |
URL Filters | URL filters |
Applications | System-defined list of applications |
Application Filters | User-defined application filters |
Report Settings | Sets up statistics (for use with SWG subscription service) |
Resource | Description |
---|---|
Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
Lease Pools* | IPv4 or IPv6 lease pools associate a group of IP addresses with a Network Access resource |
Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |
Client Rate Classes | Base and peak rates for traffic; associated with a client traffic classifier |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |
VDI Profiles | Virtual desktop interface profile for a remote desktop configuration |
Citrix Bundles | Hosted content used to deliver a Citrix Receiver client to a user's Windows computer |
Microsoft Exchange | Profile for Microsoft Exchange application authentication |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |
Rewrite profiles | An LTM profile treated as a shared resource |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Per-Request Policies | Policies that run for requests made after a session is established |
Secure Connectivity | Connectivity profile for remote access |
Event Logs Settings | Log settings for APM, components within APM, and SWG |
Resource | Description |
---|---|
Policies | A resource that is configured outside of APM at the system level and is treated as a shared resource in Access |
Priority Groups | A resource that is configured outside of APM at the system level and is treated as a shared resource in Access |
Device-specific configuration resources
These tables list device-specific resources.
Resource | Description |
---|---|
RADIUS* | RADIUS accounting and RADIUS authentication |
LDAP* | LDAP and LDAPs authentication; LDAP queries |
Active Directory* | Active Directory authentication and query |
SecurID* | RSA SecurID authentication |
HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
Oracle Access Manager* | Native integration with Oracle Access Manager |
OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
TACACS+* | TACACS+ authentication and accounting |
Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
SAML* | External SAML Identity Provider that the BIG-IP® system, acting as a SAML service provider, communicates with |
Endpoint Management Systems* | Server properties |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
User-defined ACLs* | ACLs that users create |
All ACLs* | The order of system-defined and user-defined ACLs |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
Lease Pools* | IPv4 or IPv6 lease pools associate a group of IP addresses with a Network Access resource |
Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |
*This resource is device-specific but can be made shared |
Resource | Description |
---|---|
Machine Account | For Microsoft Exchange clients that use NTLM authentication |