F5 Device discovery using Active Directory integrated authentication through Remote Directory Tree Mapping

Question

[posting on behalf of Fabrizio]&nbsp;
&nbsp;Hi Julian,&nbsp;
&nbsp; The customer is testing 
the BIGIP Virtual with SCOM monitoring, and he correct integrate BIGIP 
with AD authentication (because probably for performing discovery it 
should be needed a service AD account).  &nbsp;
&nbsp; I think it isn't 
possible this because the discovery tool needs the BIGIP administrator 
granted account. Also, into SCOM interface we saw the task correctly 
performed, but we can't see the appliance and the data. &nbsp;
&nbsp; So, I ask requested log to customer, I'll send you asap. &nbsp;
&nbsp; Thanks a lot 
&nbsp; Best Regards 
&nbsp; Fabrizio&nbsp;&nbsp;&nbsp;

julian_balog_34 · Answer

Hi Fabrizio, 
&nbsp;  
&nbsp; If I understand correctly, you're concerned if the account used in the F5 Management Pack discovery wizard needs to be an Active Directory account. No, not at all. It could be just a local device account (used for basic authentication). But it needs to have an admin role on the F5 device. On the other hand, you could use the Active Directory integrated authentication mapping through the 'Remote Directory Tree' configuration (on the F5 device): Users :: Authentication :: User Directory :: Remote Active Directory :: Remote Directory Tree, where you would enter the AD organizational group (OU) which contains the user accounts for accessing the F5 device. You can have this OU / user group have admin rights on your F5 device. 
&nbsp;  
&nbsp; Julian

julian_balog_34 · Answer

Hi Fabrizio, &nbsp;
&nbsp; In case the LDAP/Active Directory integration is still an issue with setting up an F5 Device account to be used in the F5 Management Pack discovery, I would suggest reading the following article related to "F5 Device Discovery: LDAP remote authentication for Active Directory" at: &nbsp;
&nbsp; Julian

Forum Discussion

F5 Device discovery using Active Directory integrated authentication through Remote Directory Tree Mapping

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Service Discovery and authentication options for Kubernetes providers (EKS, AKS, GCP)

Yubikey Authentication Modes and Azure AD integration via the APM

Access Troubleshooting: BIG-IP APM OIDC integration

Out of the Shadows: API Discovery and Security

Service Discovery in F5 Distributed Cloud - Architecture Options