Forum Discussion
NimbostratusF5 APM 2FA through SMTP
NimbostratusThanks,
Do you have the exact steps needed to use F5 on its own for OTP, to send the token generated from it to the user through SMTP?
NacreousAs said there is already a macro template which you can use in your APM policy for this exact reason.
- create a new policy
- add a new macro
- select macro template "AD query auth OTP by email and resources"
- add this macro to the actual policy
The only thing you have to configure yourself is your authentication method, macro uses AD but you can use local DB too, and the SMTP configuration under "System ›› Configuration : Device : SMTP"
- User100000
I need to send email address to the user
the user exist on local database, what we need to do that when the user log, F5 gets the email address of the user who login and send the OTP to this email,
How to map this in the policy by getting the email address according to the login user from the local database?
- Injeyan_Kostas
Unfortuantely, when using local db personal information like first name, last name and email are not accessible to an access policy
https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-authentication-essentials/local-user-database.htmlSo if you must use local db you have to ask user to type his email in login screen in an extra field
Again, the macro I told you is using this exact method, it presents another field in login screen for user to type his email. it calls it otpemail
Then it uses the attribute "session.logon.last.otpemail" to send email to.
