Citrix ADC

Authentication methods

The Citrix ADC appliance can authenticate users with local user accounts or by using an external authentication server. The appliance supports the following authentication types:

  • LOCAL: Authenticates to the Citrix ADC appliance by using a password, without reference to an external authentication server. User data is stored locally on the Citrix ADC appliance.
  • RADIUS: Authenticate to an external RADIUS server.
  • LDAP: Authenticates to an external LDAP authentication server.
  • TACACS: Authenticates to an external Terminal Access Controller Access-Control System (TACACS) authentication server.
  • CERT: Authenticates to the Citrix ADC appliance by using a client certificate, without reference to an external authentication server.
  • NEGOTIATE: Authenticates to a Kerberos authentication server. If there is an error in Kerberos authentication, Citrix ADC uses NTLM authentication.

  • SAML: Authenticates to a server that supports the Security Assertion Markup Language (SAML).

  • SAML IDP: Configures the Citrix ADC to serve as a Security Assertion Markup Language (SAML) Identity Provider (IdP).

  • WEB: Authenticates to a web server, providing the credentials that the web server requires in an HTTP request and analyzing the web server response to determine that the user authentication was successful.

  • Native OTP: Citrix ADC appliance supports one-time passwords (OTPs) without having to use a third-party server.

  • Push notification: Citrix Gateway supports push notifications for OTP. Users do not have to manually enter the OTP received on their registered devices to log in to Citrix Gateway. Admins can configure Citrix Gateway such that login notifications are sent to users’ registered devices using push notification services.

  • Email OTP: The Email OTP method enables you to authenticate using the one-time password (OTP) that is sent to the registered email address. When you try to authenticate on any service, the server sends an OTP to the registered email address of the user.

  • reCaptcha authentication - Citrix Gateway supports a new first class action ‘captchaAction’ that simplifies reCaptcha configuration. As reCaptcha is a first class action, it can be a factor of its own. You can inject reCaptcha anywhere in the nFactor flow.

  • nFactor authentication: Multifactor authentication enhances the security of an application by requiring users to provide multiple proofs of identify to gain access. The Citrix ADC appliance provides an extensible and flexible approach to configuring multifactor authentication. This approach is called nFactor authentication.

  • OAuth authentication: OAuth authentication authorizes and authenticates users to services that are hosted on applications such as Google, Facebook, and Twitter.
Authentication methods