Google authenticator - APM

Question

I set up the Google authenticator in our APM system.

I think the issue of QR Code is a bit cumbersome, I mean that one should set up a dedicated VS in favor of irule and the user should scan the QR and then the value string I need to put in some datagroup or as an attribute in AD.

Should it be done like Pulse Secure?
I mean the first time the user loging in he gets a page (I attached a picture) that he performs the QR scan independently and the pulse knows how to store it with him and manage the users.

Is this possible in APM?

petewhite · Answer

The issue with doing this on the BIG-IP is that you can't make control plane changes from the user plane ie a virtual server/iRule cannot update a datagroup directly ( or at least, not without some added complexity ). It would be possible to store it in a subtable or suchlike though, and provide an iRule which outputs the entries in an API manner, then use an iCall script to query the API and write the entries to the datagroup on a periodic basis.

Forum Discussion

Google authenticator - APM

1 Reply

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Two-Factor Authentication With Google Authenticator And APM

APM Google Authenticator HTTP API

Google Authenticator Token Verification iRule For APM

Two-Factor Authentication With Google Authenticator And LDAP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS