Configuring Two-Factor Authentication
Citrix Gateway supports two-factor authentication. Normally, when authenticating users, Citrix Gateway stops the authentication process as soon as it successfully authenticates a user through any one of the configured authentication methods. In certain instances, you may need to authenticate a user to one server, but extract groups from a different server. For example, if your network authenticates users against a RADIUS server, but you also use RSA SecurID token authentication and user groups are stored on that server, you may need to authenticate users to that server so you can extract the groups.
If users are authenticated by using two authentication types, and if one of those types is client certificate authentication, you can configure the certificate authentication policy as the second method of authentication. For example, you use LDAP as your primary authentication type and the client certificate as the secondary authentication. When users log on with their user name and password, they then have access to network resources.
When you configure two-factor authentication, you select if the authentication type is the primary or secondary type.
To configure two-factor authentication
- In the configuration utility, on the Configuration tab, expand Citrix Gateway > Policies > Authentication.
- On the Policies tab, click Global Bindings.
- In the Bind/Unbind Authentication Policies to Global dialog box, click Primary.
- Click Insert Policy.
- Under Policy Name, select the authentication policy.
- Click Secondary, repeat Steps 4 and 5 and then click OK.