F5 BIG-IP Access Policy Manager

Enable zero-trust access for all apps—legacy and modern—with highly scalable identity- and context-based access controls.

Get the free trial

Zero Trust Begins with Secure Access to All Apps

Zero trust app access

Deploy zero-trust model validation based on granular context, securing every app access request.

  • Identity-Aware Proxy - Secure access to apps with a fine-grained approach to user authentication and authorization that enables only per-request context- and identity-aware access.
  • Single Sign-On (SSO) and Access Federation - Integrating with existing SSO and identity federation solutions, users can access all their business apps via a single login, regardless of if the app is SAML enabled or not.
  • OAuth 2.0 and OIDC Support - Enable social login to simplify access authorization from trusted third-party identity providers like Google, LinkedIn, Okta, Azure AD, and others.
Simple graphic representing Zero Trust App Access
Simple graphic representing Robust Endpoint Security

Robust endpoint security

Perform device security and integrity checks and deliver per-app VPN access without user intervention.

  • F5 Access Guard - A browser-based extension coordinates with APM to deliver continuous, ongoing device posture checks.
  • Step-up Authentication - Request additional forms of authentication—e.g., multi-factor authentication (MFA)—if the user’s device location or sensitive nature of app data warrant further analysis.
  • Mobile Device Management Integration - Integrate with leading MDM and enterprise mobility management (EMM) solutions, including VMware Horizon ONE (AirWatch), Microsoft Intune, and IBM MaaS360.

Secure remote access

Gain end-to-end data encryption with highly customized authentication and access control to individual apps, networks, and resources.

  • Per-App VPN - Enable granular control over corporate network access by ensuring data transmitted by managed apps travels only through a separate VPN tunnel.
  • Visual Policy Editor (VPE) - The advanced graphical interface makes designing and managing granular access control policies on an individual or group basis fast and simple.
  • Access Guided Configuration - Leverage a single and easy-to-use interface to onboard your legacy apps, as well as deploy Azure AD Conditional Access policies.
Simple graphic representing Secure Remote Access
Simple graphic representing Hybrid App Access

Hybrid app access

Integrating with IDaaS providers like Azure AD, you can centralize authentication to all your apps—cloud-native, SaaS apps and those on-prem.

  • Identity-Aware Proxy - Secure access to apps with a fine-grained approach to user authentication and authorization. IAP enables only per-request context-and identity-aware access.
  • Azure AD Conditional Access Integration - Easily deploy Conditional Access policies leveraging BIG-IP APM’s Access Guided Configuration (AGC).
  • Integration with Third-Party Risk Assessment Engines - Leverage third-party UEBA and risk engines via REST APIs to inform policy-based access controls using the API Connector for more layered security.

Product Overview

Secure, simplify, centralize

F5 BIG-IP Access Policy Manager (APM) secures, simplifies, and centralizes access to all apps, APIs and data to enable a highly secure yet user-friendly app access experience no matter where a user is located or where their apps are hosted.

BIG-IP APM is available in all business models including perpetual licenses, subscription, public cloud marketplace, and ELAs.

Software

Virtual editions support leading hypervisors and cloud platforms.

See software options ›

Cloud

Enjoy the same features but in the cloud.

See cloud options ›

Hardware

Purpose-built, powerful hardware.

See hardware options ›

Core Capabilities

Identity-aware proxy (IAP)

Deploys zero-trust model validation based on granular context, securing every app access request.

Modern authentication

Employs SAML, OAuth and OIDC for a seamless and secure user experience across all apps.

Dynamic split tunneling

Dynamically excludes Internet traffic from your VPN to conserve bandwidth.

Central management and deployment

Integrates with F5 BIG-IQ Centralized Management to ease deployment and boost cost-efficiency at scale.

Performance and scalability

Supports up to 1M access sessions on one BIG-IP device and up to 2M on a single VIPRION chassis.

PKCE support

Gain an extra layer of security for public and mobile apps with a more secure authorization flow based off OAuth 2.0.

Platform Support and Integrations

Technology Alliances

F5 partners with leading security, IT and infrastructure providers to support next-generation identity and access solutions.

Microsoft
okta
Ping Identity
Cisco
gemalto
vmware

Resources

FEATURED
Motorists Insurance Group

Motorists Insurance Group Gives Customers a Seamless Experience with F5 + Okta Solution

Using a customized F5 and Okta security solution in a hybrid, multi-cloud environment, Motorists Insurance Group was able to deliver a seamless experience to insurance agents and their clients.

Read the story

Solution overviews

BIG-IP Access Policy Manager Overview ›

F5 BIG-IP APM Identity Aware Proxy (IAP): The Gateway to a Zero Trust Architecture ›

F5 BIG-IP APM and Azure Active Directory Conditional Access ›

Data sheet

BIG-IP Access Policy Manager Data Sheet ›

DevCentral and F5 Labs

F5 BIG-IP Access Policy Manager (APM) Identity-based steering with SSL Orchestrator (SSLO) ›

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations ›

Multi-Stores Citrix environment BIG-IP APM ›

Next Steps

Request a demo
See BIG-IP Access Policy Manager in action.
Request a demo
Start a trial
Try BIG-IP Access Policy Manager in your environment.
Start today
Contact us
Talk to an F5 sales representative.
Contact us
Deliver and Secure Every App
F5 application delivery and security solutions are built to ensure that every app and API deployed anywhere is fast, available, and secure. Learn how we can partner to deliver exceptional experiences every time.
Connect With Us