We have AD users in other domains that have a two-way trust with ours. We have people in two-way trusted domains that also need access to the same tenants. We are struggling to figure out how to include those AD users without just creating local users. Does anyone have experience using multiple AD domains or two-way trusted domains to authenticate to an F5 Tenant? We are using the r4600 series appliances.
This is in relation to device management access. We are made up of 6 organizations using 6 different AD domains but all in the same forest. I created partitions in the tenant for each of them and I would like them to be managers of their own partitions. The domain listed in the device for LDAP purposes is xyz.com, so users in 123.com, abc.com, etc., are not showing up even though we have a two-way trust between xyz.com and all of the others. In some of the other tools we use, AD either understands the trust and they just log in with the normal domain credentials or we have to add each AD domain in individually.
OK, thanks for that detail. If you go into Authentication and configure User Directory, you should see Remote APM-Based as an option there. From there, you should be able to select Active Directory. It's similar to setting up an APM policy, and you should have an option to enable Cross-domain support from there. Let me know if you see those options.