When you installed
NetScaler Gateway and ran
the NetScaler Gateway wizard, you configured authentication within the wizard.
This authentication policy is bound automatically to the NetScaler Gateway
global level. The authentication type you configure within the NetScaler
Gateway wizard is the default authentication type. You can change the default
authorization type by running the NetScaler Gateway wizard again or you can
modify the global authentication settings in the configuration utility.
If you need to add
additional authentication types, you can configure authentication policies on
NetScaler Gateway and bind the policies to
by using the configuration
utility. When you configure authentication globally,
you define the type of authentication, configure the settings, and set the
maximum number of users that can be authenticated.
and binding the policy, you can set the priority to define which authentication
type takes precedence. For example, you configure LDAP and RADIUS
authentication policies. If the LDAP policy has a priority number of 10 and the
RADIUS policy has a priority number of 15, the LDAP policy takes precedence,
regardless of where you bind each policy. This is called
You can select to
deliver logon pages from the NetScaler Gateway in-memory cache or from the HTTP
server running on NetScaler Gateway. If you choose to deliver the logon page
from the in-memory cache, the delivery of the logon page from NetScaler Gateway
is significantly faster than from the HTTP server. Choosing to deliver the
logon page from the in-memory cache reduces the wait time when a large number
of users log on at the same time. You can only configure the delivery of logon
pages from the cache as part of a global authentication policy.
You can also
configure the network address translation (NAT) IP address that is a specific
IP address for authentication. This IP address is unique for authentication and
is not the NetScaler Gateway subnet, mapped, or virtual IP addresses. This is
an optional setting.
Note: You cannot use
the NetScaler Gateway wizard to configure SAML authentication.
You can use the
Quick Configuration wizard to configure LDAP, RADIUS, and client certificate
authentication. When you run the wizard, you can select from an existing LDAP
or RADIUS server configured on NetScaler Gateway. You can also configure the
settings for LDAP or RADIUS. If you use two-factor
authentication, Citrix recommends using LDAP as the primary authentication