Forum Discussion

Nimbostratus

Jul 14, 2016

F5 APM Authentication: Active Directory Method

I am not seeing any dedicated active directory (AD) account used by F5 APM to connected to AD. Is that because it uses Kerberos ?. Thank-you.

application delivery

BIG-IP Access Policy Manager (APM)

LTM

security

Lucas_Thompson_

Historic F5 Account

Jul 14, 2016

I'm assuming you are talking about AAA (frontend user auth, not SSO).

APM has two functions geared toward AD: AD Auth and AD Query. AD Auth uses the end user's credentials collected from a logon page and put into session.logon.last.username and session.logon.last.password, then transmits those via Kerberos to the specified AD server.

AD Query uses Kerberos to authenticate to an LDAP service on AD to issue queries. The creds from the AAA AD Server definition will be used. If it's empty, then the user's creds will be used.

I think this is covered pretty well in the manual, but you may want to review the APM Operations Guide which has a technical overview. If you feel like the information there is incomplete or confusing, please let us know and we'll update it as required:

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide.html

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 APM Authentication: Active Directory Method

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Azure Active Directory and BIG-IP APM Integration

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Complete MFA solution with GA stored in Active Directory

Active Directory authentication for management GUI

Remote Authorization via Active Directory

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS