Forum Discussion

Nimbostratus

Aug 11, 2018

APM Multi-Domain SSO

I have 3 access policies assigned to 3 virtual servers; login, app1 and app2. These share a common top level domain. The first access policy for login authenticates the sesssion and assigns a we...

application delivery

BIG-IP Access Policy Manager (APM)

I_R_101_110

Cirrus

Aug 11, 2018

I don't know if this will work in your environment but it is possible to assign an ACL upon initial APM authentication based on an AD/LDAP group query. This ACL could say - regardless of what you gained access to via authenticating to that redirected login page - you are still only allowed access to these IP networks that were assigned based off of your group membership.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM Multi-Domain SSO

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

APM Cookbook: Single Sign On (SSO) using Kerberos

Support for POST preservation when APM Multidomain SSO is configured

IdP Routing With BIG-IP APM To Enable Seamless SSO User Experience

APM SSO breaks RDP persistence

Enhanced Modern Applications and MicroServices SSO with NGINX

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS