-
-
Configuring the VPN User Experience
-
How User Connections Work with the NetScaler Gateway Plug-in
-
Integrating the NetScaler Gateway Plug-in with Citrix Receiver
-
-
Maintaining and Monitoring the System
-
Deploying with XenMobile App Edition, XenApp, and XenDesktop
-
Accessing XenApp and XenDesktop Resources with the Web Interface
-
Configuring Additional Web Interface Settings on NetScaler Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
-
Configuring Settings for Your XenMobile Environment
-
Configuring Load Balancing Servers for XenMobile or Citrix Endpoint Management
-
Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
-
Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering
-
Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps
-
Configuring Domain and Security Token Authentication for XenMobile
-
Configuring Client Certificate or Client Certificate and Domain Authentication
-
-
NetScaler Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
-
Configuring Network Access Control device check for NetScaler Gateway virtual server for single factor authentication deployment
-
Configuring NetScaler Gateway Virtual Server for Microsoft ADAL Token Authentication
-
Proxy Auto Configuration for Outbound Proxy support for NetScaler Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Configuring Network Access Control device check for the NetScaler Gateway virtual server for single factor login
Important:
The following section lists steps to configure Intune with NetScaler Gateway. For information on configuring a NetScaler Gateway application on the Azure portal to obtain Client ID, Client Secret, and Tenant ID, refer Azure product documentation.
NetScaler Enterprise Edition license is required for the following functionality.
To add a NetScaler Gateway Virtual Server with nFactor for Gateway deployment
-
Navigate to NetScaler Gateway > Virtual Servers.
-
Click Add.
-
Provide the required information in the Basic Settings area and click OK.
-
Select Server Certificate.
-
Select required server certificate and click Bind.
-
Click Continue.
-
Click Continue.
-
Click Continue.
-
Click the plus icon [+] next to Policies and select Session from the Choose Policy list and select Request from the Choose Type list and click Continue.
-
Click the plus icon [+] next to Select Policy.
-
On the Create NetScaler Gateway Session Policy page, provide a name for the Session policy.
-
Click the plus icon [+] next to Profile and on the Create NetScaler Gateway Session Profile page, provide a name for the Session profile.
-
On the Client Experience tab, click the check box next to Clientless Access and select Off from the list.
-
Click the check box next to Plug-in Type and select Windows/Mac OS X from the list.
-
Click Advanced Settings and select the check box next to Client Choices and set its value to ON.
-
On the Security tab, click the check box next to Default Authorization Action and select Allow from the list.
-
On the Published Applications tab, click the check box next to ICA Proxy and select OFF from the list.
-
Click Create.
-
Enter NS_TRUE under Expression area on the Create NetScaler Gateway Session Policy page.
-
Click Create.
-
Click Bind.
-
Select Authentication Profile in Advanced Settings.
-
Click the plus icon [+] and provide a name for the Authentication Profile.
-
Click the plus icon [+] to create an authentication virtual server.
-
Specify name and IP address type for authentication virtual server under Basic Settings area and click OK. The IP address type can be Non Addressable as well.
-
Click Authentication Policy.
-
Under the Policy Binding view, click the plus icon [+] to create an authentication policy.
-
Select OAUTH as an Action Type and click the plus icon [+] to create an OAuth action for NAC.
-
Create an OAuth action using Client ID, Client Secret, and Tenant ID.
Client ID, Client Secret, and Tenant ID are generated after configuring the NetScaler Gateway application on the Azure portal.
Ensure that you have an appropriate DNS name server configured on your appliance to resolve and reach
https://login.microsoftonline.com/
,https://graph.windows.net/
, and *.manage.microsoft.com. -
Create authentication policy for OAuth Action.
Rule:
http.req.header("User-Agent").contains("NAC/1.0")&& ((http.req.header("User-Agent").contains("iOS") && http.req.header("User-Agent").contains("NSGiOSplugin")) || (http.req.header("User-Agent").contains("Android") && http.req.header("User-Agent").contains("CitrixVPN")))
-
Click the plus icon [+] to create the nextFactor policy label.
-
Click the plus icon [+] to create a login schema.
-
Select noschema as an authentication schema and click Create.
-
After selecting the created login schema, click Continue.
-
In Select Policy, select an existing authentication policy for user login or click the plus icon + to create an authentication policy. For details on creating an authentication policy, see Configuring advanced authentication policies.
-
Click Bind.
-
Click Done.
-
Click Bind.
-
Click Continue.
-
Click Done.
-
Click Create.
-
Click OK.
-
Click Done.
To bind authentication login schema to authentication virtual server to indicate VPN plug-ins to send device ID as part of /cgi/login request
-
Navigate to Security > AAA - Application Traffic > Virtual Servers.
-
Select the previously selected virtual-server and click Edit.
-
Click Login Schemas under Advanced Settings.
-
Click Login Schemas to bind.
-
Click [>] to select and bind the existing builtin login schema policies for NAC device check.
-
Select the required login schema policy appropriate for your authentication deployment and click Select.
In the explained deployment, single factor authentication (LDAP) along with the NAC OAuth Action policy is used, hence lschema_single_factor_deviceid has been selected.
-
Click Bind.
-
Click Done.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.