Difference between SSO under access policy and SSO in VPE
Is that mandatory to have SSO credential mapping via VPE whenever we have SSO created under access policy.
i need to understand the relation between these 2 sso configurations
The SSO profile attached to a access policy has 2 or 3 variables, session.sso.token.last.username and session.sso.token.last.password (and others, depending on the SSO profile).
These are not created by default in the VPE. The SSO credential mapping agent maps a username variable (most of the times session.logon.last.username, depending on what you select in the agent) into session.sso.token.last.username.
You could do the same in a variable assign agent, F5 has created the SSO credential mapping to help engineers and to show in the VPE your mapping SSO credentials.
So it is not mandatory.
I hope I makes it a bit more clear.