Forum Discussion

Cirrus

Mar 01, 2019

Limit particular AD users on APM?

I am doing a very basic AD login with an Active Directory AAA server and access profile. Is there a way to limit a list of users that can access the virtual server with the applied APM profile? ...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

AMiles_377865

Cirrocumulus

Mar 06, 2019

Hi Patrick,

APM can easily handle authorization in addition to accounting. The easiest way to limit access to the VIP would be to create different groups on your AD server; one for each team with different levels of access. Then, in your VPE, add an AD query, and configure your VPE to make decisions based on the results of the query. i.e., if a user is a member of a particular group, they can be allowed through, denied, or receive a specific message, etc.

Your iRule solution looks like it would work fine, but it might be more difficult to maintain rather than just directly changing your access policy. F5 has a guide on implementing AD queries if you're interested. At the end of the day it might just come down to whatever is easiest for you.

Best of luck,

Austin

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Limit particular AD users on APM?

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

F5 BigIP APM VPN some LDAP field are base64 encoded

Problem with sending BotDefense logs to remote server

adding second hard drive to a VE

Related Content

Rate Limiting SSL VPN User Traffic

SSL Orchestrator Service Extensions: User Coaching

DEVCENTRAL END-USER LICENSE AGREEMENT

Securing the LLM User Experience with an AI Firewall

Sharing User Credentials Between SAML IDP and SP Policies in F5 APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS