Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5470 All-In-One
61626364656667686970
Configure Citrix NetScaler Gateway using DUO
To configure the Citrix NetScaler Gateway using DUO authentication, do the following:
1. Go to NetScaler > NetScaler Gateway > Virtual Servers, and click Edit.
2. Ensure that the primary authentication is RADIUS that is configured with the DUO authentication RADIUS.
3. Ensure that the secondary authentication is none.
4. Add the following INI parameter in the wnos.ini file, and configure your file server:
pnliteserver=<fqdn of NS Server> Storefront={yes,no}
For more information about configuring Citrix NetScaler Gateway with DUO authentication, see the Citrix NetScaler Gateway Guide at
www.duo.com.
Use Citrix NetScaler with CensorNet MFA authentication
SMS PASSCODE is re-branded as CensorNet MFA. You can configure NetScaler Gateway to use a One Time Passcode/Password (OTP)
in the form of a personal identification number (PIN) or passcode. To obtain this one-time password, you must install CensorNet app on
your mobile. After you enter the passcode or PIN, the authentication server invalidates the one-time password. You cannot enter the same
PIN or password again. For more information about configuring one-time passcode, see the Citrix documentation.
Prerequisites
NetScaler v12.0 and later is installed on your client.
SMS PASSCODE v9.0 SP1 is installed and configured in your network. You can download the SMS PASSCODE v9.0 file from
download.smspasscode.com/public/6260/SmsPasscode-900sp1.
Remote Authentication Dial-In User Service (RADIUS) authentication policy is configured and bind to the NetScaler gateway server.
CensorNet app is installed and configured on your mobile device.
To use the one-time passcode on ThinOS, do the following:
1. Log in to ThinOS, and connect to the NetScalar Gateway URL.
2. Enter your credentials (user ID and password), and press Enter.
The PASSCODE dialog box is displayed. You will receive a push notification from the CensorNet App on your phone with the code.
3. Click OK.
If the authentication is successful, then you are logged into the Citrix session.
Configure Citrix NetScaler using Okta
Okta provides Single Sign-On (SSO) capability using Remote Authentication Dial-In User Service (RADIUS) for Citrix Virtual Apps and
Desktops. ThinOS supports Okta through the Citrix NetScaler Gateway 11.0 or later. The Okta RADIUS Agent is used for user
authentication. The Okta RADIUS server agent assigns the user authentication to Okta using single-factor authentication (SFA) or
multifactor authentication (MFA).
For more information about configuring Citrix NetScaler Gateway to use the Okta RADIUS Agent, see the Citrix NetScaler Gateway
Radius Configuration Guide at help.okta.com.
NOTE:
On the ThinOS client, you need FQDN at the login window. If you do not use username@fqdn during login, you must
set the following INI parameter:
pnliteserver=https://<fqdn of NS Server> CAGUserAsUPN=yes
After you enable this INI parameter, the domain must use the domain.com format in the login window.
Phone authentication by using Okta is supported only in US and Canada.
Limitation
ThinOS supports only Okta with NetScaler Radius mode.
68
Configuring the connection brokers