F5 APM 2FA through SMTP

Question

Hello,&nbsp;We need to perform 2FA but by using F5 only, we don't have other MFA solutions like Duo, Google Authenticator,....&nbsp;So can we use F5 to generate token and send it to the user using his email address,&nbsp;(So a token can be generated and by iRule sent to the user email address through SMTP?)&nbsp;&nbsp;Currently, we are using internal DB for users so inside it we can add user's email address&nbsp;&nbsp;Then, F5 APM verifies the token?Please provide your feedback and the configuration required to do that.&nbsp;We know that in VPE there is generate and validate token, so we need to use them, but only with SMTP, directly with F5&nbsp;&nbsp;Also, it will be great if you can recommend a free or trial for 2FA solutions to be integrated with F5 APM&nbsp;

injeyan_kostas · Answer

As said there is already a macro template which you can use in your APM policy for this exact reason.

create a new policy
add a new macro
select macro template "AD query auth OTP by email and resources"
add this macro to the actual policy

The only thing you have to configure yourself is your authentication method, macro uses AD but you can use local DB too, and the SMTP configuration under "System ›› Configuration : Device : SMTP"

injeyan_kostas · Answer

Hi User100000​&nbsp;you can just use the appropriate template which you can find as macro inside VPEjust replace AD Query and Auth with Local DB and create an SMTP configurationFor trial MFA you can check DUO or Microsoft EntraEntra might be a free option as well but without conditional access etc.For a complete free MFA solution you could use Keycloak as IDP and use saml or oauth federation with APM

p_kueppers · Answer

You can do it like Injeyan_Kostas​ said. Or you can do it with a 2FA Auth-App like Google or Microsoft Authenticator. There is a old tutorial out there:Lab 4: Set up Google Authenticator (GA)I used it in the past but not like this anymore&nbsp;

user100000 · Answer

Thanks,&nbsp;Do you have the exact steps needed to use F5 on its own for OTP, to send the token generated from it to the user through SMTP? without relaying on external OTP solution&nbsp;

user100000 · Answer

Thanks,&nbsp;Do you have the exact steps needed to use F5 on its own for OTP, to send the token generated from it to the user through SMTP?

Forum Discussion

F5 APM 2FA through SMTP

8 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

SMTP Smugglers Blues

SMTP Proxy

SMTP Start TLS

SMTP scripted monitor

SMTP iApp Template - Early Release

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS