Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 11, 2019

Google Authenticator implementation

Hello, we want to configure MFA/2FA using Google Authenticator (or at least the underlying time-based one-time password (TOTP) solution). We found several articles and guides here on DevCentral, bu...
BIG-IP Access Policy Manager (APM)
LTM
mfa
security
Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Jun 12, 2019

Ok, I got at least the APM-solution to work. And I want to share with you the combined iRule based on:

  • Google Authenticator Token Verification iRule For APM
  • Google Authenticator Verification iRule (TMOS v11.1+ optimized)

Maybe this is helpful for someone out there.

I made some testings and it looks fine so far, but maybe the experts can have a look on it as well. I tested this with version 13.0.0

 

But besides this, I would still be interested in the options to get this working even without APM at all. Is this still be possible via an Authentication-profile or are these features no more available in latest TMOS versions?

 

Special thanks here to George Watkins and Kai Wilke for the good work!!!

 

Ciao Stefan :)