F5 APM Google Authenticator

Question

I'm looking to implement two factor authentication in front of a web top.

I would like to have the option to enroll users who do not have a shared secret stored for the 2FA when they first login.

Following the below guide is troublesome as links to the example iRule source code return 404.

https://devcentral.f5.com/s/articles/two-factor-authentication-with-google-authenticator-and-apm

Is there any modern resources for implementing Google Authenticator / 2FA (TOTP/HOTP) on big-ip 14+ ?

This seems like a very simple feature and it is puzzling why it isn't just a check-box in APM.

niels_van_sluis · Answer

As far as I know there is not yet a solution available that will give you the option to enroll users that don't have a shared secret stored. Here are some links that will give you more information about the implementation that George Watkins created:

https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/

https://f5-agility-labs-iam.readthedocs.io/en/latest/class9/module5/lab1.html

There is also another implementation available that has more focus on security. See:

https://devcentral.f5.com/s/articles/apm-google-authenticator-http-api-914

zchriss · Answer

Hi Niels,&nbsp;The top link ( https://loadbalancing.se/2016/07/09/setting-up-apm-with-google-authenticator/ ) was exactly what I was looking for. It seems to mostly follow George Watkins guide and more importantly has a copy of the irules. Thanks!&nbsp;I have seen enrollment done here, and the video does make it look very polished:&nbsp;https://www.youtube.com/watch?v=mFmx4TDWyD0&nbsp;Again, it seems like there are no copies of the irules anywhere. Which is a shame!&nbsp;Cheers,Chris

niels_van_sluis · Answer

Hi Chris,&nbsp;Nice feature! The iRules for auto enrollment seem to be located here:&nbsp;https://github.com/codygreen/F5-MFA&nbsp;Kind regards,&nbsp;     --Niels

gpetricca · Answer

Hi all,about the codygreen solution using iRules LX for self-enrollment, do you know where to find the corresponding APM policy?I'm trying to reverse-engineer the code, but it's difficult for me to build the policy flow.Thanks!&nbsp;Cheers,Gabriele.

Forum Discussion

F5 APM Google Authenticator

4 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Two-Factor Authentication With Google Authenticator And APM

APM Google Authenticator HTTP API

Google Authenticator Token Verification iRule For APM

Two-Factor Authentication With Google Authenticator And LDAP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS