Forum Discussion
customize logon page
Hi all - This post from 2014 is what I'm looking for an update for in v 11.5.
Is there a way to customize the logon page? It's the same use case as the linked article. We have a general logon page and a subsequent challenge response page. Are there options to customize both logon pages? Think of something along the lines of replacing the out-of-the-boxo F5 pages with something like Google's initial and 2FA logon pages.
We do not have a CMS to host the webpage on and are looking to host it locally on the F5. Not sure if this is technically possible but wanted to reach out to see if the F5 community could help. Thanks in advance!
This past summer we implemented F5 Access Policy Manager (APM) for our first project. One of the project goals was to have a consistent (as much as possible) user experience for logins using our existing authentication system and multi-factor authentication through our contracted service provider.
With the HTML / CSS / JavaScript templates from our front-end team we were able to integrate these into our Access Policy using the Advanced area under
- Access Policy
- Customization
- Advanced
- Access Profiles
- (your policy name)
- Access Policy
- Logon Pages
- (logon page macro name)
There was a good amount of trial and error, but we eventually achieved our goal of a 99% identical logon page look and feel for our users. It is important to note the recommendations of F5 to NOT change any of the existing CSS classes, but to create your own.
- han5rt8d_255517Nimbostratus
Thanks, Troy! Appreciate the response.
Question regarding your project: How many login steps do you require users to authenticate prior to accessing the resource? We are facing the issue when users are taken to the challenge response (two-step) page as the webpage does not render the challenge statement (ex.: enter OTP here xyz).
We were able to use the Advanced section to customize our initial login page but we're seeing that customization is moot and broken in light of the secondary step.
Have you done this as well?
We have our password and MFA on the same page, although I've thought about separating them out, we haven't yet.
- han5rt8d_255517Nimbostratus
Interesting. Can I ask what you're using as the MFA platform?
Our AP requires a successful initial auth prior to taking the user to the MFA page. These are two separate webpages that the user pass through prior to accessing the resource.
Your implementation sounds like you have one webpage and has three fields for:
Username: ____________
Password: ______________
MFA code: ______________
If so, how does the system know which system (ex.: initial auth w/ AD; secondary w/ MFA system) to auth the user against?
I'm not comfortable listing our MFA solution on this public forum at this time. However I can share this, our authentication page looks similar to what you have above and you list two example auths, so I'll use those.
You could create a logon page that has all three fields. Upon submission the first macro could be your Active Directory authentication. If that Active Directory authentication macro is successful then that success branch could next be your MFA authentication macro. If that one is also success then the user could be presented the resources.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com