APM conditional policy
Hello devs! Happy 2018 guys!
We have an APM on our environment serving as VPN. The policy first authenticates the user against AD and afterwards talks to an SMS device so users can receive their two-factor password.
The problem is that sometimes this SMS device goes down and nobody is actually watching. When this happens, as you can imagine, users can't log in on the VPN. And that's bad.
I was trying to come up with an automatic solution inside the policy, but I only thought of these two:
- Duplicate the policy to a new one that does NOT use two-factor and when the SMS device goes down, manually change the policy with this new no two-factor one. It works but it's not automatic.
- Put a decision box after the AD auth asking the user to choose between two-factor or one-factor. Which again works, but we shouldn't leave this to the users' will, I think.
So my question is:
Is there a way of monitoring this SMS device? I wish I could put it in a pool and on the APM policy I had something like a decision box based on the availability of the pool. If up go this branch, if down go this other branch.
Any ideas?
Thanks!
Rafael