NetScaler
This topic helps you ensure that all prerequisites for NetScaler configuration are met.
- Set up NetScaler Gateway for Citrix Virtual Apps and Desktops by using one of the following methods:
  - Create a NetScaler Gateway virtual server for remotely accessing StoreFront, for users who are using Citrix Workspace app or a web browser. For details, see Integrate NetScaler Gateway with StoreFront.
  - Configure the settings on NetScaler Gateway. For details, see Configure NetScaler Gateway appliance by using wizards.
    Note:
    The XenApp and XenDesktop wizard configures basic authentication. Secure Private Access requires advanced authentication. Therefore, you can skip the Authentication step in the XenApp and XenDesktop wizard. You can configure the authentication profile later, after NetScaler Gateway is created using the wizard.
- Add SSL certificates to NetScaler. For details, see Install SSL certificates on a NetScaler instance.
- Configure a load balancer for StoreFront. For details, see Load balancing with NetScaler.
Configure authentication
Perform the following steps to configure authentication:
- Configure an authentication virtual server. For details, see Authentication virtual server.
- Configure an authentication profile. For details, see Configuring Authentication Profiles.
- Configure nFactor authentication. For details, see nFactor authentication.
Commonly used nFactor authentication methods:
Sample authentication configurations
Multifactor authentication with conditional authentication
- Dual factor authentication with LDAP and RADIUS using dual factor schema (taking user input only once)
- Authentication log on method according to user’s departments (Employee, Partner, Vendor) in organization with drop-down menu to select the department
- Authentication log on method according to user domains with drop-down menu
- Configure email ID (or user name) input as first factor with conditional access based on group extraction with email ID at first factor and provide different logon type for each group
- Multifactor authentication using Certificate authentication for users with user certificates and Native OTP registration for non-cert users
- Different authentication type with conditional authentication according to user host name inputs
- Dual factor authentication with Native OTP authentication
- Google Re-CAPTCHA
Third-party integration with multifactor authentication
- Configure Azure AD as SAML IdP (Configure next factor as LDAP policy - NO_AUTH to complete OAuth trust)
- Conditional authentication with First factor as SAML and then custom login to certificate or LDAP based on SAML attributes
- First factor as webauth login followed by LDAP
Device posture scans (EPA)
- Device posture check for version check followed by customized login for compliant (RADIUS) and non-compliant users (LDAP)
- LDAP authentication followed by mandatory device posture scan
- Device posture check before and after AD authentication - Pre and Post-EPA as a factor
- Device Certificate as an EPA factor