Tenant Settings Instructions

Published April 5, 2023 | Last modified March 20, 2026

Objective

This guide provides instructions on how to manage general settings for your tenant, and personal account settings in F5® Distributed Cloud Services. The tenant-level settings allow you to control user access, and define policies around it and user-level personal account settings allow you to configure settings such as notification preferences, Multi-Factor Authentication (MFA), etc. To know more information about supported user access management, see User Access Management.

Using the instructions provided in this guide, you can configure tenant policies such as password policy and personal settings such as MFA and notification preferences.

Prerequisites

The following prerequisites apply:

Account

Note: If you do not have an account, see Getting Started with Console.

Tenant settings such as Login Options require the Tenant Owner role.

Note: See Access Policies and Rules for more information.

Configure Tenant Settings

The information provided in this chapter covers tenant-level settings, and some of these settings may require you to have the Tenant Owner role.

Log into F5 Distributed Cloud Console, go to Tenant Settings

Select Tenant Settings in left-menu > select Tenant Overview.

Figure: Tenant Settings Page

Configure Custom Logo

Select Change Logo in Custom Logo section to load custom logo form.

Select Upload Image, and upload image for your logo.

Note: Ensure that the image complies with the requirement displayed on the form.

Figure: Custom Logo

Select Save.

Set Tenant Policies

Select Set Up Policies in Tenant Policies section to load tenant policy configuration form.

Figure: Tenant Settings - Tenant Policies

Enter Display Name for your tenant in the basic Tenant Details section.

Note: This name gets displayed in the tenant login screen.

User Session Expiration - Configure session timeouts in User Session Expiration section. The Session Management settings enable administrators to configure "Idle" and ""Absolute" time out. Refer to the below table for more details about these settings.

Timeout Type	Description	Range	Default
Idle	Period of inactivity before re-authentication is required (cookie expiry).	5 minutes - 30 days	15 minutes
Absolute	Maximum session duration regardless of activity (session expiry).	5 minutes - 30 days	24 hours

Note: For meeting the PCI DSS 8.2.8 requirement, set idle timeout at maximum 15 minutes.

Please note that changes to timeout settings will be recorded in audit logs. After applying changes, it may take up to 5 minutes to take effect.

Brute Force Detection - This system uses algorithms to temporarily lock accounts for a specified time period after detecting an attack. The lockout duration increases with longer persisting attack attempts. Set number of times before login delay is triggered. Login delay wait time can increment to 15 minutes maximum.

Figure: Basic and Brute force Detection Settings
Password Policy - Define custom password requirements for your tenant. All tenant users must adhere to the policy when creating or updating their passwords.

In Password Policy section:
- Min Number Of Digits: Enter value in box to specify minimum number of required digits in password.
- Min Number Of Lowercase Characters: Enter value in box to specify minimum number of lower case characters in the password.
- Min Number Of Uppercase Characters: Enter value in box to specify minimum number of upper case characters in the password.
- Min Number Of Special Characters: Enter value in box to specify minimum number of special characters in the password.
  
  Note: Special characters are characters such as ?!#%$.
- Check Not Username box to ensure password is not the same as username.
- Expire Password: Enter value to set a password expiry time period.
- Not Recently Used: Enter value to restrict the user from using a number of previously used passwords when changing password.
- Minimum Length: Enter value to specify minimum length for the password length (string).
  
  Figure: Tenant Password Policy Settings
Select Save and Exit button.

Configure Expiry Policy for Credentials

Select Setup Expiration Preferences in Credential Expiry Policy section to load the expiry configuration form.

Enter maximum expiry duration in number of days for your API certificate, kubeconfig, and API token in boxes.

Figure: Set Credentials Expiry

Select Save.

Note: The default expiry is 90 days. See Credentials guide for information on how to create credentials.

Set Support Access

Allowing F5 support access, adding read write access to all namespaces, within customer tenants results in faster resolution times as the support team can access configurations, directly observe the issue, identify the cause, and troubleshoot issues more efficiently. Granting access leads to faster resolution times.

Select Administration box in F5 Distributed Cloud home page.
Select Tenant Overview in Tenant Settings section.
Select Manage Access button in Support Access section.

Figure: Support Access

Select Access Level drop-down menu.

Figure: Support Access Form
- Read Only All: Allows support personnel to view, but not modify, all namespaces in customer tenant.
- Read Write All (default setting): Allows support personnel to view and modify all namespaces in customer tenant.
- Read Write Specific Namespaces: Allows support personnel to view and modify specific namespaces in customer tenant.
  - Select Namespaces drop-down menu.
  - Select + Add Item button to add additional Namespaces options.
- Check Pause Access if needed.
Note: Allows for temporary suspension of support access to a customer tenant.

Figure: Support Access Form
Select Save and Exit button.