30-04-2021



User experience


After installation and configuration of the RADIUS agent for Citrix Gateway, the end-user experience should be similar to the Citrix client experience before integrating with RADIUS. However, end users will now be prompted for an additional validation factor after the traditional login.

The Citrix Gateway integrates with Okta via RADIUS or SAML 2.0. Using the Okta RADIUS Agent allows authentication, including MFA, to happen directly at the Citrix Gateway login page. For authentication, the agent translates RADIUS authentication requests from Citrix Gateway into Okta API calls that authenticate the user.

Although you can take advantage of Citrix hosting Workspace (the cloud version of StoreFront), configuration and maintenance of the Citrix Gateway remain the responsibility of the enterprise. Similarly, the new Okta integration functionality that is currently in tech preview relies on FAS as a solution component.

The Citrix Gateway supports the following versions, clients, features and factors. The following Okta features are supported: Authentication with Okta Credentials.

It's now possible to bring more identities to Citrix Cloud, and Okta is one of the newest options in Citrix Cloud / Identity and Access management. It's currently in tech preview. I wanted to show you how I configured it and what the experience was like.

If only a single MFA option is configured, regardless of total available, end users will only be prompted for the single active MFA after normal login.

If multiple MFA options are configured, users will first be prompted to select one of the configured authentication methods. End users enter the number corresponding to their preferred choice. They will then be prompted to complete that authentication method.

Single-choice MFA Authentication

  1. Navigate to your VPN URL.
  2. Enter the Okta username and password.
  3. Click Logon.
  4. Answer the Okta MFA challenge.

Multi-choice MFA Authentication

  1. Navigate to your VPN URL.
  2. Enter Okta username and password.
  3. Click Logon.
  4. Respond to the MFA Choice screen.
  5. Answer the chosen MFA challenge.

See MFA for more information on multifactor authentication.

  1. Log into the Citrix Gateway admin interface with admin rights.
  2. Navigate to the Configuration tab.
  3. From the Configuration page, select Citrix Gateway -> Policies -> Authentication -> RADIUS.
  4. In the main body configuration for RADIUS, select the Servers tab.
  5. Click the Add button.
  6. In the Create Authentication RADIUS Server dialog, complete all sections, selecting either Server Name or Server IP to define the server running the Okta RADIUS agent. The port number and secret key can be verified in the Okta RADIUS agent admin tool.
  7. Click the More (or Details) drop-down and verify that Password Encoding is set to pap.
    • The available group settings and attributes can be used for Citrix permissions as required.
  8. Click OK to save the Server definition.
  9. Return to the RADIUS section and select the Policies tab.
  10. Click Policies -> Add.

    • Enter a name.
    • In the Server* drop-down, select the Server Entry just created.
    • In the Expression window, for the value, enter ns_true.
      This setting makes the policy active whenever it is bound to a VIP.
      If required, more restrictive expressions can be created to allow more control over when this RADIUS policy is applied.
    • Click OK to save the policy.
  11. In the left-hand tree under Citrix Gateway, select Virtual Servers.
  12. Locate the virtual server to which you want to bind Okta RADIUS.
    • Select the Edit button.
    • Scroll to the Authentication section, unbind any existing policies and close the Authentication sub-window.
    • Back in the Virtual Server configuration screen, in the Authentication section, select the + (plus) on the right-hand side of the section title.
    • In the Choose Policy option, select RADIUS. In the Choose Type option, select Primary, and then click Continue.
    • In the Policy Binding section, click the > to select the RADIUS policy that you created in section 7, above. Click the radio button to the left of the policy and click OK (or Select).
    • Set the Priority to 10 and click Bind.
  13. In the Virtual Server configuration screen, scroll to the end and click Done.
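
What the pap Password Encoding setting and the secret key from the server definition mean on the wire, as an added example that is not Okta's or Citrix's code. It goes beyond the steps above by implementing the RFC 2865 User-Password hiding that PAP encoding uses, which shows that the password's confidentiality between the gateway and the RADIUS agent rests entirely on the shared secret. The function names and sample values are assumptions constructed for illustration.

```python
import hashlib

MIN_SECRET_OCTETS = 16  # RFC 2865 section 3: secret preferably at least 16 octets


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """Shared loop: each 16-octet block is XORed with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        prev = xored if hiding else block  # always chain on the on-the-wire block
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Build the User-Password attribute value a RADIUS client sends with PAP encoding."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to a 16-octet multiple
    return _xor_chain(padded, secret, authenticator, hiding=True)


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server side does before it can check the password."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def secret_is_acceptable(secret: bytes) -> bool:
    """Length check only; the secret must also be random, not a word or hostname."""
    return len(secret) >= MIN_SECRET_OCTETS


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = b"constructed-shared-secret-0123456789"
    authenticator = bytes(range(16))
    wire = hide_password(b"CorrectHorse!BatteryStaple", secret, authenticator)
    print(wire.hex(), recover_password(wire, secret, authenticator))
```

Because the only protection is an MD5-derived keystream keyed by the shared secret, use a long random secret for the server entry and keep the path between the gateway and the RADIUS agent on a trusted network segment.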