Authentication with Multiple Domains

Question

Hello Guys,&nbsp;
If we have 2 domains (domain1.com) and (domain2.com) with their Active directories (AD1) and (AD2)&nbsp;
We need to authenticate the user first with domain1.com and if the user is not available in this domain (domain1.com), we should to check with other domain (domain2.com) for authentication.&nbsp;
Also in the same time , we would like to use SSO credential mapping for single sign on for both of domain authentication to avoid to submit the credentials again to the application &nbsp;
Can Anyone help to figure it ? &nbsp;
Note: We din't need to use drop down option for login page to choose the domain , we need the checking process happen by APM Agents to check that automatically without asking the user for his/her domain which he/she belongs&nbsp;
So we don't to follow  the following suggestion as they don't achieve our requirements
https://codygreen.com/2014/11/17/apm-cookbook-multiple-domain-authentication-part-2/
https://devcentral.f5.com/articles/apm-cookbook-multiple-domain-authentication-part-1&nbsp;

allwyn_mascaren · Answer

Hey Man I am looking for the same thing, we also dont want to use the drop down and try to do this automatically based on the user, can you share your apm policies, which you tried.&nbsp;

mr_freddy · Answer

Hi David,&nbsp;
I configured the access policy as the following screenshot but till now it is not working fine&nbsp;
&nbsp;

dragonflymr · Answer

Hi,&nbsp;
Hard to help not knowing what you are doing in Var Assign and LDAP Query objects. If you will post info it allow to figure out why it's not working.&nbsp;
Piotr&nbsp;

mr_freddy · Answer

Hi Piotr, &nbsp;
First Variable Assign
&nbsp;
LDAP Query
&nbsp;
Second variable assign&nbsp;
&nbsp;
Branch 1 expression for variable assign&nbsp;
&nbsp;

stan_piron · Answer

Is there trusted relationship between domains?&nbsp;
If true, you can configure both domains (In Active directory auth servers) and trusted domain objects...&nbsp;
then in AD Auth box, select this trusted domains.&nbsp;
AD Selection will be automatic.&nbsp;
Regards.&nbsp;

Forum Discussion

Authentication with Multiple Domains

5 Replies

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

Related Content

APM Cookbook: Multiple Domain Authentication - Part 1

Route Domains

Multiple AD Authentication

Shared Authentication Domains on BIG-IP APM

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS