Can APM remember a device after an initial logon?
For example, if I log in to a device using a token and AD credentials, I get access to the resources behind the APM.
Now for the second time with the same machine, can it just go through... kind of like Google's "remember my computer", or does this require a second-party app for risk-based authentication?
You should be able to use an iRule to store a key/value pair of machine name and user name. You would then have logic in the VPE and iRules to allow access if the machine had a corresponding username in the table.
I would suggest using client certificates instead, as machine names could be spoofed really easily.
Where is this table stored?
In memory or somewhere physical?
I can't do machine certs, because it would be for both trusted and non-trusted devices. Can the APM provision certs to devices that pass a strong multifactor challenge?
The table is stored in memory.
The APM cannot provision certs to devices.
Your best bet is to use some location-aware service for authentication, like Toopher or one of the other mobile apps that provide this type of access.
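
The table approach described in the answers above, as an added iRule example (not code from the thread or from F5). It assumes a VPE with two iRule Event agents whose IDs are `device_lookup` and `device_remember`, and a placeholder session variable `session.custom.machine_name` that an earlier policy step has filled with the machine name; the subtable name, the 30-day lifetime and `session.custom.device_known` are also assumptions.

```tcl
when RULE_INIT {
    # Assumed names and values; adjust to the access policy in use.
    set static::dev_subtable "remembered_devices"
    set static::dev_lifetime 2592000   ;# 30 days in seconds
    set static::dev_machine_var "session.custom.machine_name"   ;# placeholder
}

when ACCESS_POLICY_AGENT_EVENT {
    # Normalise case so "HOST1"/"host1" and "Bob"/"bob" map to the same entry.
    set user    [string tolower [ACCESS::session data get "session.logon.last.username"]]
    set machine [string tolower [ACCESS::session data get $static::dev_machine_var]]

    switch [ACCESS::policy agent_id] {
        "device_lookup" {
            # Runs after AD credentials are checked, before the token step.
            # Default to "unknown" so any missing value forces the token challenge.
            ACCESS::session data set "session.custom.device_known" 0
            if { $user eq "" || $machine eq "" } { return }

            # -notouch: a lookup must not extend the entry's life.
            set owner [table lookup -notouch -subtable $static::dev_subtable $machine]
            if { $owner ne "" && $owner eq $user } {
                ACCESS::session data set "session.custom.device_known" 1
            }
        }
        "device_remember" {
            # Runs only on the branch where token + AD logon both succeeded.
            if { $user eq "" || $machine eq "" } { return }

            # No idle timeout, fixed lifetime: the pairing expires after
            # dev_lifetime seconds no matter how often the device returns.
            # The table lives in memory, as noted in the thread.
            table set -subtable $static::dev_subtable $machine $user \
                indefinite $static::dev_lifetime
        }
    }
}
```

A VPE branch rule can then test `session.custom.device_known` to decide whether the token step is required. Because the machine name is reported by the client, a match here carries only as much assurance as that value does, which is the spoofing concern raised in the thread.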