Forum Discussion
MazeRunner_3283
Nimbostratus
NimbostratusConfiguring 2FA for BigIP management interface using RSA
I have a requirement to support two-factor authentication on the BIG-IP MGMT interfaces using RSA as authentication source. The BigIP TMM version is 11.6.1. Looks like RSA option is not avalible for ...
MvdG
Cirrus
CirrusHi,
You can use the RADIUS server component of your RSA server and configure RADIUS as the authentication method of your admin users.
Regards, Martijn
MvdGCirrus
CirrusHi,
Assuming you are on a recent version of RSA AM (version 8.x) you do the following:
On the RSA Server:
In the RSA Operations Console go to Deployment Configuration -> RADIUS Servers an make sure you RADIUS server is started.
In the RSA Security Console go to RADIUS -> RADIUS Clients -> Add New to configure the F5 BIG-IP as a RADIUS client. Do not forget to create a RSA Agent Host for your F5 BIG-IP. This can be done when creating the RADIUS client by clicking on 'Save & Create Associated RSA Agent'.
On the F5 BIG-IP:
Go to System -> Users -> Authentication and change the user directory from local to Remote - RADIUS.
As David says, if you do not configure the rest, all RSA users are able to log in to your F5 BIG-IP. You can create Remote Role Groups as mentioned.
You can also make the created RSA Agent host a restricted agent so only one RSA user group may access this RSA Agent. By adding only F5 administrators in this group, you can restrict access to the F5 BIG-IP.
Hope this helps.
Regards, Martijn.