Forum Discussion

Brian_Achenbaugh's avatar
Brian_Achenbaugh
Icon for Altocumulus rankAltocumulus
Jul 07, 2023

APM MFA auth to downstream LTM

Hi All

Im hoping not to make this long but here goes:

Our directive is that our organization wants MFA to get to a BigIP device. The initial directive was AD auth.

Environment: Our LTMs have been partition divided by sometimes app  name,  team name etc. Its a mess and to clean it up would require a ton of work even for AD to work, then add MFA.

So asked what is the real requirement, do "they" care where the authentication/MFA occurs. No they dont. ok now APM

Objective: user types in bigip weburl https://mybigip01.dns.com, we want them to be directed back to the APM for auth/MFA before they can access the resource.

Questions:

1) is this possible?

2) we want to use google auth, which we are already using for Remote Access on the APMs

3) If this is possible, do we have to turn on Remote -APM Based and fall back to local. This would  turn off local access(I think), which they are all using and this goes back to the earlier mess of partitions i mentioned.

Looking for ideas, solutions etc. Thanks

Ultimate Question: Can we do APM auth checkpoint and then they can access the LTM the way they normally do for now until we can get things cleaned up?

2 Replies