F5 BIG-IP APM 14.1 - Access Profile Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Jun 25, 2019Last modified by RSA Information Design and Development on Jun 25, 2019
Version 2Show Document
  • View in full screen mode

Perform these steps to apply your RADIUS, SSO Agent, Relying Party or Authentication Agent configuration to F5 BIG-IP APM Access Profile.

 

Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary section for more information.

Procedure

Note:  It is assumed that there is an Access Profile (in this example it is named abtest-access-profile) and a Virtual Server (named as abtest_vs) already created and configured such that it can successfully perform AD authentication to grant access to a protected resource. The following steps gives instructions on how to modify the access profile to use RSA SecurID Access to grant access to the same protected resource. More detailed instructions on how to create and modify access policies and mapping access policies to virtual servers can be found in F5 BIG-IP APM's documentation. The Access Policy before modification is as shown below:

1. Click Main > Access > Profiles / Policies > Access Profiles (Per Session Policies).

2. On the Access Profiles page, enter the name of the access profile to be modified in the search box and click Search.

3. Click on Edit... corresponding to the access profile to be modified.

4. On the Visual Policy Editor page, click on the x sign on the AD Auth block.

5. On the Item Deletion Confirmation pop-up window, click on the Connect previous node to Successful branch radio button and then click Delete.

6. (This step is only for Relying Party and SSO Agent - SAML integration types)
Click on the x sign on the Logon Page block.

7. (This step is only for Relying Party and SSO Agent - SAML integration types)
On the Item Deletion Confirmation pop-up window, click on the Connect previous node to fallback branch radio button and then click Delete.

8. Click on the + sign next to the fallback branch of the

  • Logon Page block (for Authentication Agent, RADIUS with AM and RADIUS with CAS integration types)
  • Start block (for Relying Party and SSO Agent - SAML integration types)

(image shown is for Authentication Agent integration type)

9. On the pop-up window, click on Authentication tab and then click:

  • RSA SecurID radio button (for Authentication Agent integration type)
  • RADIUS Auth radio button (for RADIUS with AM and RADIUS with CAS integration types)
  • SAML radio button (for Relying Party and SSO Agent - SAML integration types)

(image shown is for Authentication Agent integration type)

10. Click Add Item.

11. On the next pop-up window, from the AAA Server drop-down list select:

  • the RSA SecurID server configured in F5 (for Authentication Agent integration type).
  • the RADIUS server configured in F5 (for RADIUS with CAS and RADIUS with AM integration types).
  • the the SAML SP Service configured in F5 (for Relying Party and SSO Agent - SAML integration types).

(image shown is for Authentication Agent integration type)

12. Click Save.

13. Click Apply Access Policy and then click Close.

The fully configured access profile for each integration type will look as below:

  • Authentication Agent

  • RADIUS with AM and RADIUS with CAS

  • Relying Party and SSO Agent - SAML

 

Return to Configuration Summary.

 

Attachments

    Outcomes