Forum Discussion

MazeRunner_3283's avatar
MazeRunner_3283
Icon for Nimbostratus rankNimbostratus
Mar 01, 2018

Configuring 2FA for BigIP management interface using RSA

I have a requirement to support two-factor authentication on the BIG-IP MGMT interfaces using RSA as authentication source. The BigIP TMM version is 11.6.1. Looks like RSA option is not avalible for ...
BIG-IP Access Policy Manager (APM)
security
Martijn_144688's avatar
Martijn_144688
Icon for Cirrostratus rankCirrostratus

Hi,

 

You can use the RADIUS server component of your RSA server and configure RADIUS as the authentication method of your admin users.

 

Regards, Martijn

 

David_Gill's avatar
David_Gill
Icon for Cirrus rankCirrus
Mar 03, 2018

The Radius configuration will likely depend on the version of Authentication Manager you are running. I suggest you check the RSA community site or contact your RSA SE for that part. If you do go the RSA Radius route then remember that all Radius authenticated users will get the same access to Big-IP unless you also implement Remote Role Groups which I presume would be based on a returned Radius attribute.

 

I suggest after you enable Radius on AM that you try adding a Radius attribute to the user or group and then capture with Wireshark to see exactly how the attribute is passed. The RSA community site tells you how to decrypt Radius use the Secret key. Unfortunately I have only done Remote Role Groups with Tacacs therefore I cannot provide you a specific Radius example.