Forum Discussion

User100000's avatar
User100000
Icon for Nimbostratus rankNimbostratus
Aug 04, 2025

F5 APM 2FA through SMTP

Hello,

 

We need to perform 2FA but by using F5 only, we don't have other MFA solutions like Duo, Google Authenticator,....

 

So can we use F5 to generate token and send it to the user using his email address,

 

(So a token can be generated and by iRule sent to the user email address through SMTP?) 

 

Currently, we are using internal DB for users so inside it we can add user's email address 

 

Then, F5 APM verifies the token?


Please provide your feedback and the configuration required to do that.

 

We know that in VPE there is generate and validate token, so we need to use them, but only with SMTP, directly with F5 

 

Also, it will be great if you can recommend a free or trial for 2FA solutions to be integrated with F5 APM 

2fa
remote
smtp
SSO
SSO 2FA

8 Replies

    • User100000's avatar
      User100000
      Icon for Nimbostratus rankNimbostratus
      Aug 09, 2025

      Thanks,

       

      Do you have the exact steps needed to use F5 on its own for OTP, to send the token generated from it to the user through SMTP? without relaying on external OTP solution 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Aug 04, 2025

    Hi User100000​ 

    you can just use the appropriate template which you can find as macro inside VPE

    just replace AD Query and Auth with Local DB and create an SMTP configuration


    For trial MFA you can check DUO or Microsoft Entra
    Entra might be a free option as well but without conditional access etc.

    For a complete free MFA solution you could use Keycloak as IDP and use saml or oauth federation with APM

    • User100000's avatar
      User100000
      Icon for Nimbostratus rankNimbostratus
      Aug 09, 2025

      Thanks,

       

      Do you have the exact steps needed to use F5 on its own for OTP, to send the token generated from it to the user through SMTP?

      • Injeyan_Kostas's avatar
        Injeyan_Kostas
        Icon for Nacreous rankNacreous
        Aug 09, 2025

        As said there is already a macro template which you can use in your APM policy for this exact reason.

        • create a new policy
        • add a new macro
        • select macro template "AD query auth OTP by email and resources"
        • add this macro to the actual policy

         

        The only thing you have to configure yourself is your authentication method, macro uses AD but you can use local DB too, and the SMTP configuration under "System  ››  Configuration : Device : SMTP"