Forum Discussion
Use a cookie to automatically authenticate with other applications
The tricky part I think is the cookie itself. An APM policy will normally generate a session cookie that is host-based, that is, it's relevant to a specific host name. If the browser is directed to another host name, it won't send that cookie. You can optionally set a domain attribute in the cookie, so that the browser will send the cookie to any URL in that DNS domain. If you use a domain cookie with multiple APM profiles, the first APM session will run through the policy evaluation just fine. But when you go to the second APM profile, the presence of the (valid) cookie will indicate that authentication is complete and pass over the access policy evaluation. You could do server-side SSO in subsequent APM policies, but not full client-side evaluation (i.e. LDAP lookups, etc.).
While there are certainly ways to get around this with iRules, probably the easiest thing to do would be to configure SAML authentication (if you're running 11.3 or higher). The user makes an initial request to a VIP with an APM profile configured for "BIG-IP as SP". The user is immediately redirected to another VIP, the IdP, for authentication, and then redirected back with a SAML assertion. The SP VIP processes the assertion and continues through the policy evaluation. When navigating to a second URL, that APM SP again redirects the user to the IdP, but because the user already has an authenticated session with the IdP, they're immediately redirected back with an assertion without re-authenticating. The second VIP processes the assertion and then continues through the policy evaluation.
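The host-only versus domain cookie behaviour described in the post above, as an added example that is not part of the original post: a small model of the RFC 6265 storage and matching rules a browser applies. The cookie name `SESSION`, its value and the `example.com` host names are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping. Host names and cookie values are constructed.
// Simplified: IP-literal hosts and public-suffix rejection are not modelled.

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Parse a Set-Cookie header received from `originHost` into a stored cookie.
function storeCookie(setCookieHeader, originHost) {
  const [pair, ...attrs] = setCookieHeader.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: originHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: bound to the exact origin host
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    if (k.toLowerCase() === "domain" && v) {
      const d = v.replace(/^\./, "").toLowerCase(); // a leading dot is ignored
      // A host may only set a cookie for itself or one of its parent domains.
      if (!domainMatch(originHost, d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the browser attach this stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

const hostCookie = storeCookie("SESSION=abc123; Path=/; Secure", "app1.example.com");
const domainCookie = storeCookie(
  "SESSION=abc123; Domain=example.com; Path=/; Secure", "app1.example.com");
for (const host of ["app1.example.com", "app2.example.com", "app2.example.org"]) {
  console.log(host, "| host-only sent:", isSentTo(hostCookie, host),
    "| domain sent:", isSentTo(domainCookie, host));
}
```

The domain-scoped cookie reaches every host under `example.com`, so any virtual server in that domain receives the session cookie, while the host-only cookie stays with the host that issued it.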