Outlook Anywhere 2 Factor Authentication
Hello, since there is no native support for 2FA by Outlook Anywhere I'm wondering if it's possible to set up 2FA with SAML. For example, Outlook is connecting and authenticated by the NTLM Auth object. After this AD query finds users mobile number from AD, SAML is triggered and a iRule sends a SMS with a "magic link". The user has to open this link on his smartphone and the session is allowed. The link refers to the BigIP as SAML service provider. Something like Ping Identity does without external service provider and mobile app where you have to confirm your ID by sliding over. What do you think? Is this possible or have someone did a scenario like this already? Cheers
2 factor authentication with different timeouts
I have some APM policy working with one and two factor authentication. But now we need to have a two factor authentication with different timeouts for the second factor. Example: Client connect in the morning and have a full login with 2 factor. First is LDAP second is RSA over Radius. After 2 hours the client come back and need a re authentication but now we want to check only LDAP. But after one day we want both factors. Idea is to write an additional cookie with encoded string of username and last logon. Then the F5 can check this during the authentication and/or set. But I don’t know how. Thanks for our help
Storefront logout and re-authenticate with no prompt for credentials
Hi, We've integrated citrix storefront with F5 (11.6.2) recently by using iApp . Everything works great but we have an issue with the authentication to the storefront once user logs off from the citrix, Users are able to logon without prompting for username and password when clicked on logon. We are using Imprivata for Radius and its MFA. Any help would be much appreciated. FYI: no user sessions should be terminated after logout is enabled.
F5 client - Only want it to connect from the webtop
Hi Everyone, I wanted to setup a scenario where a user has to always sign in and authenticate to a webtop (which we have 2 factor setup), click on the vpn resource on the webtop, and launch the F5 bip-ip client for the connection. I don't want the user to be able to just fire up the VPN client and get access without logging in to the web portal/webtop setup. (no bypassing the 2fa piece) Is this possible to always enforce?