Forum Discussion

Nimbostratus

Sep 13, 2022

APM OTP authentication

We are using APM for OTP authentication , The problem is that there are a number of users who on purpose make the first registration using the username and password, then after the OTP-code arrives, ...

apm otp

application delivery

Torijori_Yamamada

Cirrus

Sep 14, 2022

Hi,

When APM creates an OTP code you can save it on a table with help of an iRule so if user try to create another session, you can able to check whether same user have a session already. If there is another OTP code, so you can return a message that says like "use OTP code sent previusly".

But this looks like an example of "wrong usage of computers" more than an APM problem. If i encounter same problem, i probably choose to put a time limit which restrict users have one session in a certain time of frame. When they open another one, i block them for a limited of time, so evolution continues and people learn.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM OTP authentication

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

ASM/AWAF declarative policy

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Demystifying Time-based OTP

APM Cookbook: Two-Factor Authentication using YubiKey OTP with iRulesLX.

APM Sharepoint authentication

Two-Factor Authentication With Google Authenticator And APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS