Send OTP SMS or Email based on AD Group selection

Question

Hello Experts,&nbsp;
Currently, we are using OTP for all the AD Users. Even if they are not supposed to use SSL VPN, they can login successfully with AD and have OTP sent to them via Email &amp; SMS.&nbsp;
My VPE Policy...&nbsp;
Login &gt; AD Auth &gt; AD Query &gt; Variable Assign &gt; OTP Macro&nbsp;
We have a management requirement for not generating OTP if a user is not part of a certain VPN Group. We have created new AD Groups for only VPN users...such as ... APM_EMAIL, APM_SMS, APM_EMAIL_SMS.&nbsp;
So, if a user is part of APM_EMAIL group, he should only get email for the OTP and if the user is part of SMS group, he should only get SMS, and likewise if the user is part of EMAIL_SMS group then he would get both.&nbsp;
I need help on how to meet the requirements!&nbsp;

cthulhucalling_ · Answer

In your AD query, create a branch rule for each group, with the expression "AD Query, User is a member of" and enter the DN for the group. You can then do your email/SMS actions off of each branch.

Forum Discussion

Send OTP SMS or Email based on AD Group selection

1 Reply

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Raise your hand if you'll be at AppWorld 2026

RDP Webtop deployment

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Single LTM with multiple GTM domains

Related Content

Certificate Expiry Email alert configuration

Select pool based on HTTP host header

Select pool member based on HTTP query string parameter

SkyNet Is Coming For Email First... Thankfully!

Demystifying Time-based OTP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS