This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SecurID® Access Integrations

Featured integrations of RSA Authentication Manager with various third party products for access control, cloud & SaaS, federated SSO, OS and platforms, privileged access and remote access.

F5 BIG-IP APM 14.1 - Step-up Authentication Configuration - RSA Ready SecurID Access Implementation Guide

Perform these steps to apply your RADIUS, SSO Agent, Relying Party or Authentication Agent configuration to F5 BIG-IP APM Step-up Authentication.

In this use-case F5 does the primary authentication, i.e. AD Password, then calls RSA SecurID access for additional authentication known as Step-Up authentication. The additional authentication can be done via SAML to cloud IdP (Relying Party) or via Radius.

 

Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary section for more information.

Procedure

Note:  It is assumed that there is an Access Profile (in this example it is named abtest-access-profile) and a Virtual Server (named as abtest_vs) already created and configured such that it can successfully perform AD authentication to grant access to a protected resource. The following steps gives instructions on how to modify the access profile to use RSA SecurID Access to grant access to the same protected resource. More detailed instructions on how to create and modify access policies and mapping access policies to virtual servers can be found in F5 BIG-IP APM's documentation. The Access Policy before modification is as shown below:
access-policy-note_624x166.png

 

Create or modify an F5 Access Profile

1. Click Main > Access > Profiles / Policies > Access Profiles (Per Session Policies).

radius-am-f5-step5.png

2. On the Access Profiles page, enter the name of the access profile to be modified in the search box and click Search.

3. Click on Edit... corresponding to the access profile to be modified.

radius-am-f5-step7_624x121.png

4. On the Visual Policy Editor page, click on the + sign on the Successful transition of the AD Auth block.

5. On the pop-up window, click on Authentication tab and then click:

  • RADIUS Auth radio button (for RADIUS with AM and RADIUS with CAS integration types)
  • SAML radio button (for Relying Party and SSO Agent - SAML integration types)

6. Click Add Item.

7. On the next pop-up window, from the AAA Server drop-down list select:

  • the RADIUS server configured in F5 (for RADIUS with CAS integration type).

    • use-case2-radius-F5-properties_624x236.png

  • the the SAML SP Service configured in F5 (for Relying Party - SAML integration types).

    • use-case2-relying-party-properties_624x182.png

12. Click Save.

13. Click Apply Access Policy and then click Close.

radius-am-f5-step14_624x35.png

The fully configured access profile for each integration type will look as below:

  • RADIUS with CAS

use-case2-radius-F5-workflow_624x152.png

  • Relying Party SAML

use-case2-relying-party-workflow_624x153.png

Create and link a F5 iRule

  1. Under Main > Local TrafficiRules create or edit the required iRule

    2. use-case2-irule-step1_624x295.png

    use-case2-irule-step2_624x207.png

  2. Link Irule to Virtual Server

    3. use-case2-irule-step3_624x152.png

    use-case2-irule-step4_624x302.png

Return to Configuration Summary.

You are here
F5 BIG-IP APM 14.1 - Step-up Authentication Configuration - RSA Ready SecurID Access Implementation Guide
Labels (1)
Labels:
0 Likes
Was this article helpful? Yes No
No ratings
Version history
Last update:
a month ago
Updated by:
Beginner
Contributors

Related Content

Article Dashboard
© 2020 RSA Security LLC or its affiliates.
All rights reserved.