Configure F5 BIG IP APM gateway

During this task we will use the F5 console to configure F5 BIG IP to integrate with RADIUS.

Steps

There are twp parts to this configuration:

  1. Define a RADIUS Server Profile
  2. Edit an Access Policy

Before you begin

  • Ensure that you have the common UDP port and secret key values available.

Define a RADIUS Server Profile

  1. Sign in to the F5 console with sufficient privileges.
  2. Navigate to Access > Authentication > RADIUS and then click Create… to define a new RADIUS server. In older version, navigate to Access Policy > AAA Servers > RADIUS.
  3. Enter the following values to create a New RADIUS Server.
    Name Unique and appropriate name (OktaMFA)
    ModeAuthentication
    Server ConnectionDirect
    Server AddressIP or Name of Okta RADIUS Server Agent
    Authentication Service PortPort (1812)
    SecretSecret value defined above.
    Confirm SecretSecret value defined above
    NAS IP AddressOptional: the ip address of the F5
    NAS IdentifierOptional: an identifier of the NAS
    TimeoutRecommended: 60 seconds
    Retries2
  4. Click Finish to save the settings.

Edit an Access Policy

  1. Navigate to Access > Profiles / Policies > Access Profiles.

  2. Identify the Access Profile you wish to change and click the Edit… link in the Per-Session Policy column, as shown below.

  3. The screen shown below opens. Click Logon Page to edit the logon page.

  4. The screen shown below opens.

  5.   Enable a third input with the following selections.
    • Type: password

    • Variable: factor

    • Login page input field: Factor (e.g. <i>push, sms, 123456</i>)

  6. When done, click Save.
  7. Edit the existing RADIUS Auth or replace an existing Auth sequence with a RADIUS Auth step pointing to the password only RADIUS server created in the previous step, as shown below.

  8. After the initial authentication insert a new RADIUS Auth step pointing to the Factor only RADIUS server previously created. Change the Password Source variable to align with the updated logon page input %{session.logon.last.factor}.

  9. Click Save to save the settings.
  10. Click the Apply Access Policy button in the top left hand corner, as shown below.