Citrix Gateway

Configuring a NetScaler Gateway application on the Azure portal

The following section lists steps to configure a NetScaler Gateway application on the Azure portal.


  • Azure global admin credentials
  • Intune licensing is enabled
  • For Intune Integration you need to create a NetScaler Gateway application on Azure portal.
  • Once the NetScaler Gateway application is created, configure the OAuth policy on NetScaler Gateway using the following application specific information:
    • Client ID / Application ID
    • Client Secret / Application Key
    • Azure Tenant ID
  • NetScaler Gateway uses the app client id and client secret to communicate with Azure and check for NAC compliance.

To create NetScaler Gateway App on Azure

  1. Log in to
  2. Click Azure Active Directory.
  3. Click App registrations and click New registration.

    Azure app registration

  4. On the Register an application page, enter an app name and click Register.

    Name of app

  5. Navigate to Authentication, click Add URI, enter FDQN for NetScaler Gateway, and click Save.

    Redirect URL

  6. Navigate to the Overview page to get Client ID, Tenant ID, and Object ID.

    Overview page

  7. Navigate to API permissions and click Add a permission.

    API permission

  8. Click the Microsoft Graph tile to configure API permissions for Microsoft Graph.

    MS graph

  9. Click the Delegated permissions tile.

    API permission for MS graph

  10. Select the following permissions, and click Add permissions.

    • Email
    • openid
    • Profile
    • Directory.AccessAsUser.All
    • User.Read
    • User.Read.All
    • User.ReadBasic.All

    API permission 1

    API permission 2

    API permission 3

  11. Click the Intune tile to configure API permissions for Intune.

    Intune tile

  12. Click the Application permissions tile and the Delegated permissions tile to add permissions for Get_device_compliance and Get_data_warehouse respectively.

    API permission for intune

  13. Select the following permissions and click Add permissions.
    • Get_device_compliance - Application permissions
    • Get_data_warehouse - Delegated permissions

    API permission get device

    API permission get warehouse

  14. The following page lists the configured API permissions.

    List of API permission

  15. Navigate to Certificates & secrets and click New client secret.

    New client secret

  16. Under the Add a client secret page, enter description, select expiry, and click Add.

    API permission

  17. The following screen shows the configured client secret.


    The client secret is displayed only once when it is generated. You must copy the displayed client secret locally. Use the same client secret along with client ID associated with the newly registered app while configuring the OAuth action on the NetScaler Gateway appliance for Intune.

    API permission

The application configuration on Azure portal is now complete.

Configuring a NetScaler Gateway application on the Azure portal