May 30, 2022

Google Authenticator - APM

I set up Google Authenticator in our APM system.

I think the issue of the QR code is a bit cumbersome. I mean that one should set up a dedicated VS for the iRule, the user should scan the QR code, and then I need to put the value string in some datagroup or as an attribute in AD.

Should it be done like Pulse Secure?
I mean that the first time the user logs in, he gets a page (I attached a picture) where he performs the QR scan independently, and Pulse knows how to store it with him and manage the users.

Is this possible in APM?

  • The issue with doing this on the BIG-IP is that you can't make control plane changes from the user plane, i.e. a virtual server/iRule cannot update a datagroup directly (or at least, not without some added complexity). It would be possible to store it in a subtable or suchlike though, and provide an iRule which outputs the entries in an API manner, then use an iCall script to query the API and write the entries to the datagroup on a periodic basis.
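
The subtable and export-endpoint part of the approach in the reply above, written as an iRule. This is an added example, not code from the thread or from F5; the subtable name `ga_enroll`, the path `/ga-export`, the proc name `ga_store` and the allowed address `192.0.2.10` are assumptions, and the iCall script that reads the endpoint and writes the datagroup is not shown.

```tcl
# Added example. ga_enroll, ga_store, /ga-export and 192.0.2.10 are
# assumed names and values, not taken from the thread.

# Called from the enrolment iRule (with "call ga_store $user $secret")
# once the user has scanned the QR code and confirmed a valid token.
proc ga_store { user secret } {
    # Keep the secret in a session subtable with no idle timeout or lifetime.
    # Subtable entries live in TMM memory and are lost when TMM restarts,
    # so the periodic copy into the datagroup is still required.
    table set -subtable ga_enroll $user $secret indefinite indefinite
}

when HTTP_REQUEST {
    if { [HTTP::path] ne "/ga-export" } { return }

    # The response carries TOTP shared secrets. Answer only the host that
    # runs the sync job, and attach this iRule to a virtual server that is
    # reachable on an internal VLAN over TLS only.
    if { ![IP::addr [IP::client_addr] equals 192.0.2.10] } {
        HTTP::respond 403 content "forbidden"
        return
    }

    # One "user secret" pair per line for the sync job to parse.
    # -notouch keeps the export from changing the entries' timestamps.
    set body ""
    foreach user [table keys -subtable ga_enroll] {
        set secret [table lookup -notouch -subtable ga_enroll $user]
        append body "$user $secret\n"
    }
    HTTP::respond 200 content $body "Content-Type" "text/plain"
}
```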