Configuring RSA SecurID Authentication
When configuring the RSA/ACE server for RSA SecureID authentication, you need to complete the following steps:
Configure the RADIUS client with the following information:
- Provide the name of the Citrix Gateway appliance.
- Provide a description (not mandatory).
- Provide the system IP address.
- Provide the shared secret between Citrix Gateway and the RADIUS server.
- Configure the make/model as Standard RADIUS.
In the agent host configuration, you need the following information:
Provide the fully qualified domain name (FQDN) of Citrix Gateway (as it appears on the certificate bound to the virtual server). After providing the FQDN, click the Tab key and the Network Address window populates itself.
After you enter the FQDN, the network address automatically appears. If it does not, enter the system IP address.
Provide the Agent Type by using Communication Server.
Configure to import all users or a set of users who are allowed to authenticate through Citrix Gateway.
If it is not already configured, create an Agent Host entry for the RADIUS server, including the following information:
Provide the FQDN of the RSA server.
After you enter the FQDN, the network address automatically appears. If it does not, provide the IP address of the RSA server.
Provide the Agent Type, which is the RADIUS server.
For more information about configuring an RSA RADIUS server, see the manufacturer’s documentation.
To configure RSA SecurID, create an authentication profile and policy and then bind the policy globally or to a virtual server. To create a RADIUS policy to use RSA SecurID, see Configuring RADIUS Authentication.
After creating the authentication policy, bind it to a virtual server or globally. For more information, see Binding Authentication Policies.