F5 VPN Access Using PingID

George
May 27, 2022

4.7k
0
1
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Print
- Other Artcile

This article describes how to set up the mobile device, PingID, for Multi-Factor Authentication (MFA) to login to F5 VPN.

Introduction

F5 VPN is a server side security product for authentication with a choice of client side, using PingID or others for MFA. We will introduce both F5 VPN and PingID and their companies respectively, and then discuss the the setup process or the integration of F5 VPN and PingID.

This is the structure of this article:

Introduction
- F5 VPN & F5 Inc.
- PingID & Ping Identity Corporation
Register PingID to F5 VPN
Login F5 by Using PingID

F5 VPN

F5, Inc. is an American technology company specializing in application security, multi-cloud management, online fraud prevention, application delivery networking (ADN), application availability & performance, network security, and access & authorization [wiki]. F5 is headquartered in Seattle, Washington in F5 Tower, with an additional 75 offices in 43 countries.

Major product of F5 is BIG-IP product family comprises hardware, modularized software, and virtual appliances that run the F5 TMOS operating system

PingID

Ping Identity Corporation is an American software company established in 2002 by Andre Durand and Bryan Field-Elliot with global offices in Vancouver, British Columbia, Tel Aviv, Israel, Austin, Texas, Denver, Colorado, and Boston, Massachusetts. Ping also has European operations with offices in London, Paris, and Switzerland as well as offices in Bangalore, Melbourne, and Tokyo, serving Asia-pacific.

The company's software provides federated identity management and self-hosted identity access management to web identities via attribute based access controls, similar to identity management system tools developed by Microsoft and Okta. This Single sign-on (SSO) gives users a single set of credentials to access applications (web applications, apps on mobile devices, VPN, etc).

Ping Identity products include PingID, PingFederate, PingOne, PingAccess, PingDirectory, PingDataGovernance, and PingIntelligence [above from wiki].

PingID is a cloud-based authentication service that binds user identities to mobile devices [below from].

During the PingID authentication process, the PingID service sends an authentication request to the user's mobile device. No password response is required: the user just swipes to authenticate.

You can use PingID for any of these solutions:

PingOne SSO

Use PingID as a secondary authentication solution for PingOne single sign-on (SSO) in the cloud. A PingOne administrator can enable PingID in minutes.

PingFederate SSO

Use PingID as either a secondary or primary authentication solution for federated SSO through PingFederate. A PingFederate administrator can install and configure a PingID adapter that negotiates with the PingID service.

VPNs

Use PingFederate and PingID for multi-factor authentication (MFA) from your VPN. This solution uses PingFederate with a password credential validator (PCV) for PingID for identity access management, and PingOne for user management. You need only a few additional settings to enable PingID authentication for your VPN.

Passwordless authentication

Use PingID with biometrics or a security key to provide passwordless authentication for Web authentication through PingFederate.
Use PingID mobile application to provide passwordless authentication for Windows login.

Register PingID to F5 VPN

Server Side, F5

We start from server: login to your company F5 VPN Web Portal with your UserName and Password:

You will see the following screen,

Click Start to begin the device registration process,

Pick an appropriate option to continue the device registration process, such as choosing SMS,

Enter the code received on your mobile device from the SMS text. Click Verify to continue,

Click Start.

You got a QR code ready for you to scan and pair to your mobile device, Such as PingID.

Now we move to client side, PingID.

Client Side: Smart Phone (iPhone)

Download and install PingID from App store,

Open it, the PintID app will prompt you for the license agreement and app usage questions. Follow the instructions to setup and then you will get a prompt to allow camera access for QR scanning:

Integrate PingId and F5 together

Scan the QR code displayed on your computer web browser from the F5 VPN portal:

You will be prompted to complete your profile,

A One-Time Passcode (OTP) will be displayed on your mobile device. This OTP will be pushed to your computer web browser and will complete authentication.