Hi Shashank jain,
For token auth, the BIG-IQ has this feature in v6.1+ if I'm not mistaken useful for Restful operations. You can send a POST to https://bigiq/mgmt/authn/login but this isn't permanent. You used to be able to PATCH the token timeout but I believe this is fixed in later versions (at least doesn't work for me on v7). In the response you would receive a 'refreshToken' used to obtain a new token; this token expires in a day by default.
You can block access to TMUI at L3 by modifying httpd access.
More details here https://support.f5.com/csp/article/K13309
Hope that helps.
Kind regards
Ben