Product Documentation

How nFactor Authentication Works

Aug 31, 2016

Imagine a user requesting access to an application that requires user credentials. As is the case in NetScaler deployments, the request arrives at the NetScaler through a traffic management virtual server (in this case, a load balancing virtual server). Since the user must provide authentication credentials, the load balancing virtual server redirects the request to the authentication virtual server, which does the following:

  1. Checks to determine whether any login schema policies are associated with the authentication virtual server.

    - If yes, the user is presented the login form associated with the login schema policy with the highest priority that evaluates to true.

    - If no, the default login form is presented to the user.

    Note: The default login schema files are available in the /nsconfig/loginschema/LoginSchema/ directory of the NetScaler appliance. Citrix recommends that you copy these files to the /nsconfig/loginschema/ directory before using them, so that changes made to the files are preserved post reboot. 

  2. The authentication policies that are associated with the authentication virtual server are evaluated. For the policies that are evaluated to true, the actions are executed in order of priority until one of the actions succeeds.

  3. The policy label that is associated as the next factor is invoked.

  4. The authentication policies that are associated with the authentication policy label are evaluated. For the policies that are evaluated to true, the actions are executed in order of priority until one of the actions succeeds.

  5. The policy label that is associated as the next factor is invoked.

  6. Steps 4 and 5 are performed repetitively till all the configured next factors are executed.