Product Documentation

Providing RSA SecurID authentication for Android devices

Feb 14, 2017

If you configure the NetScaler Gateway for RSA SecurID authentication, the Citrix Receiver supports Next Token Mode. With this feature enabled, if a user enters three (by default) incorrect passwords, the NetScaler Gateway plug-in prompts the user to wait until the next token is active before logging on. The RSA server can be configured to disable a user's account if a user logs on too many times with an incorrect password.

For instructions on configuring authentication, see Authentication and Authorization.


RSA SecurID authentication is not supported for Secure Gateway configurations. To use RSA SecurID, use the NetScaler Gateway.

Installing RSA SecurID Software Tokens

An RSA SecurID Software Authenticator file has an .sdtid file extension. Use the RSA SecurID Software Token Converter to convert the .sdtid file to an XML-format 81-digit numeric string. Obtain the latest software and information from the RSA Web site.

Follow these general steps:
  1. On a computer (not a mobile device), download the converter tool from: Follow the instructions on the Web site and in the Readme included with the converter tool.
  2. Paste the converted numeric string into an email and send it to user devices.
  3. On the mobile device, make sure that the date and time are correct, which is required for authentication to occur.
  4. On the device, open the email and click the string to start the software token import process.

After the software token is installed on the device, a new option appears in the Settings list to manage the token.


For mobile devices that do not associate the .sdtid file with Receiver, change the file extension to .xml and then import it.