Forum Discussion
Rabbit23_116296
Nimbostratus
Jan 18, 2016
Shared access session with webtop
I know webtop will ignore mrhsession cookies by design. Running BIG IP 12, What I'd like is any way at all that I can share the existing access allowed session for a webtop (virtual server a) between...
Evan_Champion_1
Cirrus
Jan 19, 2016
Hi Rabbit23 -- it sounds like you're looking for single sign-on where if the user logs into a webtop they are also logged into another virtual server. Have you looked at using SAML authentication? It is designed to implement single sign on for web applications. This would be your access flow:
- user goes to the webtop
- access policy on the webtop requires SAML authentication and redirects the user to the SAML identity provider
- the SAML identity provider authenticates the user however desired (including your two-factor requirement).
- if the identity provider accepted the user, the identity provider gives the user a SAML claim (like a Kerberos ticket -- a bit of data that proves the identity of the user)
- the user POSTs the claim back to the webtop access policy
- the webtop access policy validates the claim and then anything else you want to check in the access policy (e.g. perhaps group membership)
- the user has access to the webtop
Later when the user clicks in the webtop to go to "virtual server b"...
- user goes to virtual server B
- access policy on virtual server B requires SAML authentication and redirects the user to the SAML identity provider
- SAML identity provider remembers the user (because of the cookie that the user will send) and if the user's session is still valid it will give the user a claim for virtual server B
- the user POSTs the claim back to the webtop access policy
- the virtual server B access policy validates the claim and then anything else you want to check in the access policy (e.g. perhaps group membership)
- the user has access to virtual server B
It doesn't matter that virtual server B is only available internally. The SAML identity provider will need to be externally available however or else no one will be able to login to the webtop. If you don't have a separate SAML identity provider, you can implement within the F5 -- see Access Policy -> SAML.
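As an added example that is not part of the original thread and not F5's own code, the following Python model walks through the SP-initiated flow the reply describes: one identity provider that authenticates the user once (password plus second factor) and then keeps an IdP session cookie, and two service providers (the webtop and virtual server B) that each send the browser to the IdP and validate the claim that comes back. The entity IDs, the user record and the credentials are constructed for the example; an HMAC over a canonical serialization stands in for the XML signature that a real assertion carries and that the SP access policy checks against the IdP certificate.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed stand-in for the IdP signing key; a real assertion carries an XML
# signature made with the IdP's private key and verified against its certificate.
IDP_KEY = secrets.token_bytes(32)
IDP_ENTITY_ID = "https://idp.example.test"  # hypothetical entity ID


def _sign(key, assertion):
    return hmac.new(key, json.dumps(assertion, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Authenticates once (password + second factor), then keeps a session cookie."""
    def __init__(self, key, users, session_ttl=3600, assertion_ttl=300):
        self._key, self._users = key, users       # users: name -> (password, otp), constructed
        self._sessions = {}                       # cookie value -> (user, created_at)
        self.session_ttl, self.assertion_ttl = session_ttl, assertion_ttl
        self.credential_prompts = 0               # how often the user had to log in

    def handle_authn_request(self, sp_entity_id, request_id, cookie=None, credentials=None):
        """Return (saml_response, cookie): reuse a live IdP session, else authenticate."""
        now = time.time()
        session = self._sessions.get(cookie)
        if session and now - session[1] < self.session_ttl:
            user = session[0]
        else:
            self.credential_prompts += 1
            if credentials is None or self._users.get(credentials[0]) != credentials[1:]:
                raise PermissionError("authentication required and failed")
            user, cookie = credentials[0], secrets.token_urlsafe(32)
            self._sessions[cookie] = (user, now)
        assertion = {"id": "_" + secrets.token_hex(16), "issuer": IDP_ENTITY_ID, "subject": user,
                     "audience": sp_entity_id,            # bound to the SP that asked
                     "in_response_to": request_id, "not_on_or_after": now + self.assertion_ttl}
        return {"assertion": assertion, "signature": _sign(self._key, assertion)}, cookie


class ServiceProvider:
    """One SAML SP: the access policy in front of a virtual server."""
    def __init__(self, entity_id, idp_key):
        self.entity_id, self._idp_key = entity_id, idp_key
        self._pending = set()                     # AuthnRequest IDs issued, not yet answered

    def start_login(self):
        """The access policy redirects the browser to the IdP with an AuthnRequest."""
        request_id = "_" + secrets.token_hex(8)
        self._pending.add(request_id)
        return {"sp_entity_id": self.entity_id, "request_id": request_id}

    def consume(self, saml_response):
        """Validate the POSTed claim; return the subject or raise ValueError."""
        a = saml_response["assertion"]
        if not hmac.compare_digest(_sign(self._idp_key, a), saml_response["signature"]):
            raise ValueError("signature does not verify")
        if a["issuer"] != IDP_ENTITY_ID:
            raise ValueError("unexpected issuer")
        if a["audience"] != self.entity_id:
            raise ValueError("assertion was issued for a different SP")
        if a["in_response_to"] not in self._pending:
            raise ValueError("not a response to an outstanding request (or a replay)")
        if time.time() >= a["not_on_or_after"]:
            raise ValueError("assertion expired")
        self._pending.discard(a["in_response_to"])  # one assertion per request
        return a["subject"]


def rejected(sp, saml_response):
    """True if the SP refuses the response; used for the negative cases below."""
    try:
        sp.consume(saml_response)
    except ValueError:
        return True
    return False


def sso_walkthrough():
    """Run the webtop-then-virtual-server-B flow from the reply and report what happened."""
    idp = IdentityProvider(IDP_KEY, users={"alice": ("pw", "123456")})
    webtop = ServiceProvider("https://webtop.example.test", IDP_KEY)
    vs_b = ServiceProvider("https://vs-b.internal.example.test", IDP_KEY)

    # Webtop: no IdP cookie yet, so the IdP prompts for password and OTP.
    req_a = webtop.start_login()
    resp_a, cookie = idp.handle_authn_request(req_a["sp_entity_id"], req_a["request_id"],
                                              credentials=("alice", "pw", "123456"))
    user_at_webtop = webtop.consume(resp_a)

    # Virtual server B: the browser presents the IdP cookie, so there is no re-prompt.
    req_b = vs_b.start_login()
    resp_b, _ = idp.handle_authn_request(req_b["sp_entity_id"], req_b["request_id"], cookie=cookie)
    user_at_vs_b = vs_b.consume(resp_b)

    return {"user_at_webtop": user_at_webtop, "user_at_vs_b": user_at_vs_b,
            "credential_prompts": idp.credential_prompts,               # 1: second login was silent
            "webtop_assertion_rejected_at_b": rejected(vs_b, resp_a),    # audience mismatch
            "b_assertion_replay_rejected": rejected(vs_b, resp_b)}       # request already answered
```

The model makes the security-relevant point of the reply concrete: what is shared is the session at the identity provider (the cookie), not the claim. Each assertion is bound to one service provider (audience) and one request (InResponseTo), so the webtop's assertion is refused at virtual server B and a consumed assertion is refused a second time, while the user is prompted for credentials only once. On the BIG-IP side these are the checks the SP access policy performs on the signed assertion; the model just makes them visible.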