APM - Do not send OTP if AD password needs changing
Hi Everyone,
I have a virtual LTM-APM sitting in front of a SharePoint 2019 deployment. We have an APM policy attached to the VIPs which authenticates users and then sends an OTP via email for login. All works swimmingly! Some of our testers noticed that when a user is prompted for an AD password change (i.e. pwd expiration etc.), the APM module still sends an OTP to the user. Once the password is changed, a new login must be done with the new credentials and another OTP is sent. A lot of our users are not very tech savvy, so they'll get understandably frustrated and report OTP/login as not working.
I've tried to explore some VPE branches but none are jumping out at me as a potential solution. I have seen another solution on DevNet where a user did an email/captcha, OTP, then uname/pword, but I feel it's over-engineered and that there should be a simpler solution to this?
Has anybody come across this before or know of a fix? Any help is appreciated.
EDIT: I'm basically trying to understand if we can get the APM module to not send an OTP if the password needs changing. There must be an AD attribute that signals a password change is needed?
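One way to model the AD-attribute question raised above, as an added Python example that is not from this thread or from F5: it evaluates the raw AD values (pwdLastSet, userAccountControl and the domain's maxPwdAge) to decide whether a password change is pending, so the OTP step can be skipped on that branch. The LDAP query itself and the APM branch wiring are assumed, and the sample users and policy values are constructed.

```python
# Added example (not from the thread or F5): decide from raw AD attributes whether a
# password change is pending before sending an OTP. The LDAP lookup is assumed;
# only the returned attribute values are modelled here.
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000          # userAccountControl flag
NEVER_EXPIRES = {0, -(2 ** 63)}         # maxPwdAge values meaning "no expiry"

def to_filetime(dt: datetime) -> int:
    """UTC datetime -> 100 ns ticks since 1601-01-01 (the pwdLastSet format)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def from_filetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def password_change_required(pwd_last_set: int, user_account_control: int,
                             max_pwd_age: int, now: datetime) -> bool:
    if pwd_last_set == 0:               # "User must change password at next logon"
        return True
    if user_account_control & DONT_EXPIRE_PASSWORD or max_pwd_age in NEVER_EXPIRES:
        return False
    # maxPwdAge is stored as a negative interval; expiry = pwdLastSet + |maxPwdAge|
    expires_at = from_filetime(pwd_last_set) + timedelta(microseconds=(-max_pwd_age) // 10)
    return now >= expires_at

def otp_decision(user: dict, max_pwd_age: int, now: datetime) -> str:
    """Return the branch to take: 'change-password' (skip OTP) or 'send-otp'."""
    if password_change_required(user["pwdLastSet"], user["userAccountControl"],
                                max_pwd_age, now):
        return "change-password"
    return "send-otp"

# Constructed sample data: 42-day domain policy, evaluated at a fixed "now"
MAX_PWD_AGE_42_DAYS = -42 * 24 * 3600 * 10_000_000
NOW = datetime(2024, 2, 20, tzinfo=timezone.utc)
SET_JAN = to_filetime(datetime(2024, 1, 1, tzinfo=timezone.utc))
SET_FEB = to_filetime(datetime(2024, 2, 1, tzinfo=timezone.utc))
USERS = {
    "expired":       {"pwdLastSet": SET_JAN, "userAccountControl": 0x200},
    "must_change":   {"pwdLastSet": 0,       "userAccountControl": 0x200},
    "fresh":         {"pwdLastSet": SET_FEB, "userAccountControl": 0x200},
    "never_expires": {"pwdLastSet": SET_JAN, "userAccountControl": 0x200 | DONT_EXPIRE_PASSWORD},
}

if __name__ == "__main__":
    for name, user in USERS.items():
        print(f"{name:14s} -> {otp_decision(user, MAX_PWD_AGE_42_DAYS, NOW)}")
```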
- momahdy (Employee)
Hi Shakeel,
Do you rely on the APM logon page for AD password change? Examples below:
https://my.f5.com/manage/s/article/K16806
https://my.f5.com/manage/s/article/K15676
Also, can you post the VPE screenshot?
Thanks,
- ShakeelRashid (Nimbostratus)
Hello momahdy!
Thanks for replying and sorry my reply is late. Yes, we're relying on APM to change the AD password for users whose passwords have expired. Here is the screenshot of the VPE I have configured.