F5 BIG-IP APM VPN configuration for the LastPass Universal Proxy LDAP protocol

    This is a step-by-step description of how to configure F5 BIG-IP APM VPN for LastPass Universal Proxy using the LDAP protocol, so that LastPass MFA is set as a secondary authentication method. The steps below cover the settings related to Universal Proxy.

    About this task:

    The following main steps are necessary for the configuration:

    Configure your LDAP server properties

    1. Log in to the F5 BIG-IP APM management console in a browser.
    2. In the left navigation, go to Access > Authentication.
    3. Select LDAP.
    4. Click Create.
    5. In the Name field, enter a name for your server.
    6. In the Server Connection field, select Direct.
    7. In the Server Address field, enter the IP address of LastPass Universal Proxy.
    8. In the Service Port field, enter the port number (default is 389). This is the port that is set in the Universal Proxy configuration.
    9. In the Base Search DN field, add the base search DN in the following format: ou=Users,dc=domain,dc=country_code.
    10. In the Admin DN field, add the admin DN in the following format: CN=Administrator,CN=Users,DC=domain,DC=country_code.
    11. In the Admin Password and Verify Admin Password fields, enter the LDAP admin user password.
      Note: In our solution the LDAP bind operation uses the distinguished name (DN) and user password.
    12. In the Group Cache Lifetime field, enter 30.
    13. In the Timeout field, enter 60.
    14. Click Finished.

    Configure your Access Policy

    1. In the Main tab, go to Access > Profile / Policies > Access Profiles.
    2. In the Access Profile List tab, find your policy and click Edit in the Access Policy column.

      The F5 BIG-IP APM visual policy editor opens the access policy.

    3. Click your policy.
    4. In the Properties tab set the following fields:
      Server: Choose your server from the list.
      SearchDN: dc=domain,dc=country_code
      SearchFilter: (samAccountName=%{session.logon.last.username})
    5. Click Save.
    Results: You have now configured LDAP authentication for your F5 BIG-IP APM VPN.
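
The values entered in both procedures can be checked from a workstation before testing a VPN logon. The following is an added example, not LastPass or F5 code: it builds an OpenLDAP ldapsearch command line from the same server address, port, Admin DN, SearchDN and SearchFilter formats, with the logon name escaped per RFC 4515. The function names and the sample address, domain and username are assumptions, and ldapsearch must be installed where the printed command is run.

```python
import re
import shlex

# Session variable and filter exactly as entered in the access policy (step 4).
SESSION_VAR = "%{session.logon.last.username}"
FILTER_TEMPLATE = "(samAccountName=" + SESSION_VAR + ")"
_LABEL = re.compile(r"^[A-Za-z0-9-]+$")  # one DNS label, so no DN metacharacters


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand_filter(username):
    """Substitute a logon name into the page's SearchFilter template."""
    return FILTER_TEMPLATE.replace(SESSION_VAR, escape_filter_value(username))


def build_lookup(proxy_ip, port, domain, country_code, username):
    """Return an ldapsearch argv that uses the page's field formats (hypothetical helper)."""
    for label in (domain, country_code):
        if not _LABEL.match(label):
            raise ValueError("not a single DNS label: %r" % label)
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %r" % port)
    admin_dn = "CN=Administrator,CN=Users,DC=%s,DC=%s" % (domain, country_code)
    return [
        "ldapsearch", "-x",                              # simple bind
        "-H", "ldap://%s:%d" % (proxy_ip, int(port)),    # Server Address, Service Port
        "-D", admin_dn,                                  # Admin DN
        "-W",                                            # prompt for the admin password
        "-b", "dc=%s,dc=%s" % (domain, country_code),    # SearchDN from the policy
        expand_filter(username),                         # SearchFilter, expanded
        "1.1",                                           # return entry DNs only
    ]


if __name__ == "__main__":
    # Constructed sample values: documentation address, example domain, test user.
    print(shlex.join(build_lookup("192.0.2.10", 389, "example", "com", "jdoe")))
```

If the command returns the user's DN, the address, port, Admin DN and search settings agree with what Universal Proxy expects.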