Forum Discussion

Nimbostratus

Jun 25, 2018

SSO across multiple domains and group membership check

Hello, We are trying to replace our TMG with F5/APM. We currently have sites of the following type: sc1.domain1.com sc2.domain2.com sc3.example1.com In addition, there are also multiple sit...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

Nimbostratus

Jun 26, 2018

I'm not sure what you mean by "NULLing the session out" but we can avoid a bloated VPE as much as possible with the use of wildcards in the AD/LDAP query agent.

And yes, upon authentication and assignment of the webtop, only the assigned resources (based on on the memberof membership) will be available to the group and the ACL will be applied to those resources to further limit a perhaps broad resource assignment. I assume that this is what you mean by a users "allow list"?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSO across multiple domains and group membership check

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

APM Cookbook: Multiple Domain Authentication - Part 1

Multiple Ways to Configure Usage Reporting in NGINX

Enriching AFM with public domain Threat Intelligence

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

F5 APM Check Domain Membership

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS