F5 BIG-IP Access Policy Manager

Enable zero-trust access for all apps—legacy and modern—with highly scalable identity- and context-based access controls.

Zero Trust Begins with Secure Access to All Apps

Simple graphic representing Robust Endpoint Security

Robust endpoint security

Perform device security and integrity checks and deliver per-app VPN access without user intervention.

  • F5 Access Guard - A browser-based extension coordinates with APM to deliver continuous, ongoing device posture checks.
  • Step-up Authentication - Request additional forms of authentication—e.g., multi-factor authentication (MFA)—if the user’s device location or sensitive nature of app data warrant further analysis.
  • Mobile Device Management Integration - Integrate with leading MDM and enterprise mobility management (EMM) solutions, including VMware Horizon ONE (AirWatch), Microsoft Intune, and IBM MaaS360.

Simple graphic representing Hybrid App Access

Hybrid app access

Integrating with IDaaS providers like Azure AD, you can centralize authentication to all your apps—cloud-native, SaaS apps and those on-prem.

  • Identity-Aware Proxy - Secure access to apps with a fine-grained approach to user authentication and authorization. IAP enables only per-request context-and identity-aware access.
  • Azure AD Conditional Access Integration - Easily deploy Conditional Access policies leveraging BIG-IP APM’s Access Guided Configuration (AGC).
  • Integration with Third-Party Risk Assessment Engines - Leverage third-party UEBA and risk engines via REST APIs to inform policy-based access controls using the API Connector for more layered security.

Product Overview

Secure, simplify, centralize

F5 BIG-IP Access Policy Manager (APM) secures, simplifies, and centralizes access to all apps, APIs and data to enable a highly secure yet user-friendly app access experience no matter where a user is located or where their apps are hosted.

BIG-IP APM is available in all business models including perpetual licenses, subscription, public cloud marketplace, and ELAs.

Virtual editions support leading hypervisors and cloud platforms.

Enjoy the same features but in the cloud.

Purpose-built, powerful hardware.

Core Capabilities

Deploys zero-trust model validation based on granular context, securing every app access request.

Federates identity, drives adaptive multi-factor authentication (supporting FIDO U2F and RADIUS protocols), and enables single sign-on to all apps.

Unifies identity for remote access via SSL VPN with a secure and adaptive per-app VPN.

Centralizes authentication, authorization, and endpoint inspection via web app proxy.

Secures authentication for REST APIs, integrating OpenAPI (or Swagger) files.

Employs SAML, OAuth and OIDC for a seamless and secure user experience across all apps.

Dynamically excludes Internet traffic from your VPN to conserve bandwidth.

Integrates with F5 BIG-IQ Centralized Management to ease deployment and boost cost-efficiency at scale.    

Supports up to 1M access sessions on one BIG-IP device and up to 2M on a single VIPRION chassis.

Gain an extra layer of security for public and mobile apps with a more secure authorization flow based off OAuth 2.0.

Platform Support and Integrations

Technology Alliances

F5 partners with leading security, IT and infrastructure providers to support next-generation identity and access solutions.

Resources