We are planning to use DUO authentication for all users access to our LTM. Currently we are using RSA to authenticate all logins to the LTM . We understand that in order to achieve this, we need to create Access Policy thru the APM using Radius . Also needs to do some editing on the access policy itself. Under System>Users:Authentication, there is an option to use Remote- APM based which we think we needed. However were not sure if selecting that option automatically makes local authentication as a fallback in case any issues happens on the Radius server . Thanks in advance
As far as I can see. the Remote-APM option is available in BIG-IP 13.x and 14.x. In 15.x it is not available anymore.
Also, not like Remote - AD oder Remote - LDAP, you don't have the option to Fallback to Local.
See this knowledge base article: K67025432: Configuring remote authentication fallback on BIG-IP systems
I checked this today on 15.1.2 and i have the Remote - APM Based option, i also can create the APM profile for it.
it probably doesnt get you to achieve what you want with DUO as you keep using the normal login page (not an actual APM one) so there is no space for a third field or to ask later for another field.