apm aaa f5-mfa-configuration
apm aaa f5-mfa-configuration(1) BIG-IP TMSH Manual apm aaa f5-mfa-configuration(1)
NAME
f5-mfa-configuration - defines F5 multi-factor authentication configuration.
MODULE
apm aaa
SYNTAX
Configure the f5-mfa-configuration component within the aaa module using the syntax shown in the following
sections.
CREATE/MODIFY
create f5-mfa-configuration [name]
modify f5-mfa-configuration [name]
options:
app-service [[string] | none]
f5-service-connector [name]
permitted-devices-types [add | delete | modify | replace-all-with] {
[mobile | totp]
}
max-mobile-devices-per-user [[integer] | none]
registration-sms-template [[string] | none]
require-biometric [[true | false] | none]
edit f5-mfa-configuration [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list f5-mfa-configuration
list f5-mfa-configuration [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
app-service
non-default-properties
one-line
partition
DELETE
delete f5-mfa-configuration [name]
DESCRIPTION
You can use the f5-mfa-configuration component to define F5 multi-factor authentication configuration.
EXAMPLES
create f5-mfa-configuration MyF5MFAConfiguration { f5-service-connector MyF5ServiceConnector permitted-
devices-types { mobile } max-mobile-devices-per-user 2 registration-sms-template "Hello, Please follow the
link below to register your device for second factor authentication:
%{session.f5_mfa.device_registration.registration_url}" require-biometric true }
Creates the f5 mfa configuration named MyF5MFAConfiguration with f5-service-connector
MyF5ServiceConnector, adds mobile to permitted-devices-types, sets max-mobile-devices-per-user to 2, sets
registration-sms-template to Hello, Please follow the link below to register your device for second
factor authentication: %{session.f5_mfa.device_registration.registration_url} and sets require-biometric
to true
delete f5-mfa-configuration MyF5MFAConfiguration
Deletes the f5 mfa configuration named MyF5MFAConfiguration from the system.
OPTIONS
[name]
Specifies the name for the f5 mfa configuration. This setting is required.
f5-service-connector
Specifies the f5-service-connector. This setting is required.
permitted-devices-types
Specifies permission of the use of mobile devices or hardware tokens (TOTP) or both for multi-factor
authentication. This setting is required.
max-mobile-devices-per-user
Specifies the number of devices that one user can register for multi-factor authentication.
registration-sms-template
Specifies the message to send to a user to register their mobile devices.
require-biometric
Set this item to true to require that the user present a physical characteristic, such as a fingerprint,
on the mobile device for an additional authentication factor.
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2017. All rights reserved.
BIG-IP 2017-09-19 apm aaa f5-mfa-configuration(1)