Citrix Gateway

Configuring SafeWord Authentication

The SafeWord product line helps to provide secure authentication by using a token-based passcode. After users enter a passcode, it is invalidated by SafeWord and cannot be used again.

If Access Gateway is replacing the Secure Gateway in a Secure Gateway and Web Interface deployment, you can choose to not configure authentication on Access Gateway and continue to allow the Web Interface to provide SafeWord authentication for incoming HTTP traffic.

Access Gateway supports SafeWord authentication for the following products:

  • SafeWord 2008
  • SafeWord PremierAccess
  • SafeWord for Citrix
  • SafeWord RemoteAccess

You can configure Access Gateway to authenticate using SafeWord products in the following ways:

  • Configure authentication to use a PremierAccess RADIUS server that is installed as part of SafeWord PremierAccess and allow it to handle authentication.
  • Configure authentication to use the SafeWord IAS agent, which is a component of SafeWord RemoteAccess, SafeWord for Citrix, and SafeWord PremierAccess 4.0.
  • Install the SafeWord Web Interface Agent to support the Citrix Web Interface. You do not have to configure authentication on Access Gateway and the Citrix Web Interface can handle this. This configuration does not use the PremierAccess RADIUS server or the SafeWord IAS Agent.

When configuring the SafeWord RADIUS server, you need the following information:

  • The IP address of Access Gateway. When you configure client settings on the RADIUS server, use the Access Gateway IP address.
  • A shared secret.
  • The IP address and port of the SafeWord server.

Configuring SafeWord Authentication