Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

How to use with microsoft authenticator ?

Sakkarin_Westco
Altostratus
Altostratus

‎06-Apr-2022 10:32

Hi team, How to use with Microsoft authenticator? ls let me know or point me in the right direction.

0 Kudos
7 REPLIES 7

Dario_Garrido
MVP
MVP

‎13-Apr-2022 01:27

Hello Sakkarin_Westco.

Microsoft Authenticator is Time-based OTP that is equivalent to Google Authenticator.

There are some examples of how to use F5 with Google Authenticator.

https://clouddocs.f5.com/training/community/iam/html/archived/class9/module5/lab1.html

https://community.f5.com/t5/technical-articles/two-factor-authentication-with-google-authenticator-a...

 

Regards,
Dario.
0 Kudos

Sakkarin_Westco
Altostratus
Altostratus

‎13-Apr-2022 04:26

Can you share the irule for generate ga code and ga code_verify ?

0 Kudos

Dario_Garrido
MVP
MVP
In response to Sakkarin_Westco

‎13-Apr-2022 04:51

For example:

https://community.f5.com/t5/crowdsrc/google-authenticator-token-verification-irule-for-apm/ta-p/2775...

Btw, if this response suits you, please don't forget to give some thumbs up or mark the response as "resolved" to let other people to find it.

Regards,
Dario.
0 Kudos

Sakkarin_Westco
Altostratus
Altostratus

‎18-Apr-2022 08:57

Dear  Dario_Garrido 

Is this irule for generate_ga_code ?Screen Shot 2565-04-18 at 22.56.34.png

0 Kudos

Dario_Garrido
MVP
MVP
In response to Sakkarin_Westco

‎18-Apr-2022 12:14

No mate, this iRule is for GA verifying.

Take into account that there are several steps involved on using Time-based OTP.

  1. Key generation.
  2. Key distribution (usually QR-Code).
  3. Key verification (validate that the code provided by the client is the expected code taking into account the key of this user).

In a production enviroment, F5 should only be doing the third step.

In my lab, I have the user key generated already stored in my A/D.

If my user wants to figure out what the key they have is, then uses a APM policy which captures the user key (LDAP query) and redirects this info to a PHP QR-code generator. Base on this syntax:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

This is my PHP QR-Code generator

https://github.com/edent/QR-Generator-PHP

After my user has the TOTP key already installed in their device, this previous iRule enters into play.

To be more precise, I'm using this API REST iRule to verify if the validation was passed.

https://community.f5.com/t5/crowdsrc/apm-google-authenticator-http-api/ta-p/287952

 

Regards,
Dario.
0 Kudos

Dario_Garrido
MVP
MVP
In response to Sakkarin_Westco

‎18-Apr-2022 12:18

BTW, with "generate_ga_code" I think you mean this iRule.

https://community.f5.com/t5/crowdsrc/google-authenticator-irule-for-two-factor-auth-with-ldap/ta-p/2...

But never tested, I recommend you to work in the approach I mentioned previously.

Regards,
Dario.
0 Kudos

Dario_Garrido
MVP
MVP

‎19-Apr-2022 11:07

I've just written this article talking about TOTP and maybe could be helpful in your case.

https://community.f5.com/t5/crowdsrc/demystifying-time-based-otp/ta-p/294658

 

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC