For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

fwebb_116789's avatar
fwebb_116789
Icon for Nimbostratus rankNimbostratus
Sep 17, 2014
Solved

APM authenticate user to multiple AD groups

Hello All:   I hope someone can help me with this. I have recently deployed a private cloud on vCloud Director 5.5. We run a Development and Test Lab that have multiple projects running at any g...
BIG-IP Access Policy Manager (APM)
security
  • Thomas_Gobet_91's avatar
    Thomas_Gobet_91
    Sep 22, 2014

    Did you try to work with the option "Nested Groups" in your AD authentication ?

     

    It will help you to avoid this kind of problems as for each group, the APM will check your conditions.

     

    You would have to define only one ressource assign box with your groups membership conditions.

     

    Here is a solution link to use nested groups : http://support.f5.com/kb/en-us/solutions/public/12000/100/sol12193

     

Thomas_Gobet's avatar
Thomas_Gobet
Icon for Nimbostratus rankNimbostratus
Sep 18, 2014

On which version are you running on ?

 

Also, why do you use the same macro whether the result is "Success" or "Fail" ?

 

I think you can optimize it, the problem is just to understand every scenario you can encounter.

 

  • fwebb_116789's avatar
    fwebb_116789
    Icon for Nimbostratus rankNimbostratus
    Sep 19, 2014
    Thomas, I am running version 11.4.1 HF4. I use the same macro to avoid having to define the Member of for the AD Query. Each branch represents all the possible combinations of group memberships. In the example above, I have 5 groups: Admin, 3, 8, Applications and Models and Simulation. There were only be Administrators accessing Administrative assets. After that though, depending on who the user is they could be members of any combination of groups based on what they need access to.