NTLM authentication in APM

Question

Hi,&nbsp;
I have the following APM Policy defined on a Virtual Server:&nbsp;
&nbsp;
To introduce NTLM on it [following the article: https://devcentral.f5.com/articles/configuring-apm-client-side-ntlm-authentication] to allow seamlessly authentication for domain-joined machines:&nbsp;
Do I need to replace on the 'Negotiate' branch the AD box for an NTLM box [NTLM Auth Result]?A not domain-joined machine will follow basic or negotiate branch?on the HTTP 401 box, What do I need to select on 'HTTP Auth Level' [none, basic, negotiate, basic+negotiate]?
Many thanks&nbsp;

stanislas_piro2 · Answer

NTLM is not configurable in APM yet.&nbsp;
To support NTLM auth, you have to &nbsp;
enable eca profile in the virtual server configuration (tmsh only, not available in webui)create a NTLM profile in APMenable this profile with an irulecreate a NTLM auth result box in APM to get NTLM auth status done before APM evaluation.

Forum Discussion

NTLM authentication in APM

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Related Content

Configuring APM Client Side NTLM Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Leveraging BIG-IP APM for seamless client NTLM Authentication

APM Sharepoint authentication

Two-Factor Authentication With Google Authenticator And APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS