Forum Discussion

Cirrus

Oct 08, 2025

SSO login for APM Profiles

We would like a user to be able to login to any APM profile and be able go right into others as long as the session is alive. This seems to work fine for my SAML Profile, but OAuth is prompting for ...

APM Authorization

Aswin_mk

MVP

Oct 09, 2025

Hi,

Are both APM OAuth clients under the same SSO / Auth Domain in Access → Federation → SSO / Auth Domains?

If APM is the AS, are the clients registered under the same tenant with Reuse Existing Session enabled?

Please go though the below article to verify more about this

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-oauth-configuration/using-apm-as-an-oauth-2-server.html

BGill__CISSP__C
Cirrus
Oct 09, 2025
Thanks for the Response.. All of the clients are using the same Access Profile and same OAuth Profile. We are using single SSO Domain. I have attempted Changing the Profile Scope to Virtual Server and Global with no changes. APM is the AS, but I am not finding a setting for Reuse Existing Session.
- Injeyan_Kostas
  Nacreous
  Oct 09, 2025
  So you have one single policy?
  Can you describe your Setup?
  On your first message you mentioned "any APM Profile" but now you say it's the same Profile for all
  - BGill__CISSP__C
    Cirrus
    Oct 09, 2025
    I was referring to our 1 SAML Profile and 1 OAuth Profile when I said any.. Ideally, any user that has authenticated into the F5 APM could get right into either SAML or OAuth, but it would be a big improvement if they only need to authenticate in each profile (SAML, OAuth) once. Does that clear it up or do you need more info?
- Aswin_mk
  MVP
  Oct 09, 2025
  I hope you have go through the link
  - Injeyan_Kostas
    Nacreous
    Oct 09, 2025
    hi Aswin_mk
    I also cannot find what you are mentioning
    Can you please point?