Authentication and Authorization
NetScaler Gateway employs a flexible authentication design that permits extensive customization of user authentication for NetScaler Gateway. You can use industry-standard authentication servers and configure NetScaler Gateway to authenticate users with the servers. NetScaler Gateway also supports authentication based on attributes present in a client certificate. NetScaler Gateway authentication is designed to accommodate simple authentication procedures that use a single source for user authentication, as well as more complex, cascaded authentication procedures that rely upon multiple authentication types.
NetScaler Gateway authentication incorporates local authentication for the creation of local users and groups. This design centers around the use of policies to control the authentication procedures that you configure. The policies you create can be applied at NetScaler Gateway global or virtual server levels and can be used to set authentication server parameters conditionally based on the user’s source network.
Because policies are bound either globally or to a virtual server, you can also assign priorities to your policies to create a cascade of multiple authentication servers as part of authentication.
NetScaler Gateway includes support for the following authentication types:
- Lightweight Directory Access Protocol (LDAP)
- Client certificate authentication (including smart card authentication)
NetScaler Gateway also supports RSA SecurID, Gemalto Protiva, and SafeWord. You use a RADIUS server to configure these types of authentication.
While authentication allows users to log on to NetScaler Gateway and connect to the internal network, authorization defines the resources within the secure network to which users have access. You configure authorization with LDAP and RADIUS policies.