Forum Discussion
I'm not aware of a way to do so with built-in F5 functions... but thinking creatively, you could use a combination of logon/logoff scripts in Active Directory (think GPO) and DNS resolution.
Create a logon script for the domain user(s) that adds an entry to the local hosts file ( and resolve it to whatever - 127.0.0.99). When the user logs off, have the logoff script remove that local hosts file entry.
Then on the F5, create a Connectivity Profile that builds the tunnel when resolves to the IP you specified above. In theory, when a domain user logs in, the VPN will be established. When a local user logs in, it will not. This is due to the availability of the name resolution.
Access -> Connectivity / VPN -> Connectivity -> Profiles -> [vpn profile name] -> Edit Profile -> Win/Mac Edge Client -> Location DNS List
There are other concerns here (such as if the user doesn't log off properly - but if it's not a security concern, it's just user training in all likelihood).
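The logon/logoff hosts-file step described in the post above, as an added example that is not part of the original post or any F5 tooling. The hostname `vpn-marker.example.invalid` and the `# managed-by-logon-script` tag are placeholders (the post does not name the host); the script assumes it runs in a context allowed to write the hosts file, which standard users are not by default.

```powershell
# Added example: one script for both GPO hooks.
#   Logon : hosts-marker.ps1 -Action Add
#   Logoff: hosts-marker.ps1 -Action Remove
param(
    [Parameter(Mandatory)]
    [ValidateSet('Add', 'Remove')]
    [string]$Action,

    # Placeholder hostname (not given in the post); 127.0.0.99 is the post's example address.
    [string]$HostName  = 'vpn-marker.example.invalid',
    [string]$IpAddress = '127.0.0.99',
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

$ErrorActionPreference = 'Stop'

# Constructed marker: only lines carrying this tag are ever touched,
# so hand-made entries for the same name are left alone.
$tag = '# managed-by-logon-script'

$lines = @(Get-Content -LiteralPath $HostsPath)

# Match "<any address> <HostName> <tag>" and drop it. This also clears a
# stale entry left behind when a previous session ended without a logoff.
$pattern = '^\s*\S+\s+' + [regex]::Escape($HostName) +
           '\s+' + [regex]::Escape($tag) + '\s*$'
$kept = @($lines | Where-Object { $_ -notmatch $pattern })

if ($Action -eq 'Add') {
    $kept += "$IpAddress`t$HostName`t$tag"
}

# Rewrite the file only when the content actually changed.
if (($kept -join "`n") -ne ($lines -join "`n")) {
    Set-Content -LiteralPath $HostsPath -Value $kept -Encoding ASCII
}
```

Because anyone who can edit the hosts file can add or remove this entry by hand, the marker indicates a session type and is not an access control.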