radius
2 TopicsRadius Proxy with Google Authenticator
During Programmability Month, we released a Getting Started with iRules LX series of introductory articles, covering concepts, workflows, troubleshooting techniques, and best practices. This last week, one our community members, Artiom, took to Youtube to start sharing his newfound love of the new iRules LX functionality. He starts his video series with an overview of a solution to support a radius call and translate to an ldap back-end query, shown below. After the intro video, he goes back to square one to start cover setup and then in the last current video in the series, covers the traditional iRules portion of this solution. The Youtube series is embedded here, so as Artiom adds more videos to the series, they'll be automatically added here as well. Way to go, Artiom, looking forward to watching the rest of the series!389Views0likes1CommentAPM Cookbook: Okta MFA Integration
Since the launch of the Okta and F5 Integration Guide I've seen interest in leveraging this partnership take off. One aspect I've enjoyed is watching how customers address pain points they were not able to address previously. For example, providing multi-factor authentication (MFA) for Microsoft Exchange Outlook Web Access (OWA). This particular customer standardized on Okta's MFA solution but OWA was behind Microsoft Threat Management Gateway (TMG) and could not easily integrate with Okta. For this solution F5's Access Policy Manager (APM) will replace the TMG servers and leverage Okta's on-premises RADIUS agent for MFA via Okta Verify, which supports push notification - by far my favorite feature. I've included a video below that walks through the process of configuring Okta for RADIUS based multifactor as well as configuring APM to leverage Okta's RADIUS agent. https://youtu.be/jpoVo0nuilQ?list=PLAVmgu9Rja5Cyu7KhQ3CUJFNOI5Tr-Wk2 Okta Configuration On the Okta administrator portal you'll need to create a new Okta Sign-on policy: Security -> Policies. Once you name the new policy you'll need to add a rule: The crucial part here is to select RADIUS for the And Authenticates via option. F5 Configuration The F5 APM configuration is pretty straight forward since you can use the built-in VPE macro template for RADIUS authentication but we'll need to create a RADIUS AAA object first. Once the RADIUS AAA object is created go ahead and create a new Access Profile and customize your VPE as shown below - for detailed steps please watch the attached video. Pretty easy solution and we're just scratching the surface on what is possible. Can't wait to start playing with Okta's API via iRules LX!867Views0likes4Comments