Comments on: Configuring Citrix NetScaler Gateway with Azure MFA

By: Adrian

Adrian — Wed, 21 Sep 2016 13:58:44 +0000

In reply to Simon. Simon, This can be achieved by setting up a dummy NPS/IAS Server (I just installed in on the MFA servers) that has policies set so they accept all requests and don't authenticate the user and setting MFA to authenticate against these RADIUS servers instead of AD/LDAP. It turns the MFA's into a dumb 2nd factor similar to what RSA does. We have our NetScalers doing Radius against the MFA's first, which doesn't check the AD password and enables OATH/SMS OTP's, then when that succeeds the NetScalers do LDAP authentication which allows for password changes etc.

By: Simon

Simon — Mon, 25 Jul 2016 05:05:37 +0000

Great to have two factor authentication… but you will notice that when your password expires you will no longer be able to log in. You can make that work with LDAPS, but LDAPS wont work with OATH tokens. Figure out how to make all that work (with password expiring when using OATH token and I’ll use it =)

By: Gaurav

Gaurav — Tue, 17 Nov 2015 20:51:54 +0000

Such a really good post , which tells a brief explanation how to use Microsoft Azure with netscaler
Kees , can you please tell me
Can we configure Microsoft azure authentication with SAML Policy configured on Netscaler gateway.

By: Will

Will — Fri, 26 Sep 2014 13:23:02 +0000

Great post documenting this install! Having done this a few times – very important to increase the timeout value as user’s phones are not always close them during authentication!

Additionally, it can be beneficial to not “require user match” throughout the migration phase and then enable once all users are secured using MFA.