Jump to content
Welcome to our new Citrix community!

Netscaler Gateway Authenticating via Azure MFA (Conditional Access) or MFA NPS

Recommended Posts

Hi there,


I'm attempting to configure the Netscaler Gateway as a SAML SP and also have Azure MFA as the second factor.


The SAML SP integration part is done and is relatively straight forwards.


However, has anyone been able to configure nFactor SAML SP and Azure MFA (NPS Radius Extension) to perform two factor (SAML + Radius MFA)


I've tried an alternative method which is to use Azure SAML and Conditional Access (Azure MFA (not the server or the NPS plugin) and it seems to work well for guest BYOD devices on Windows 10.


However, in this alternative method, for Azure domain joined devices on Windows 10 devices, when access the Netscaler Gateway, it redirects to Azure's login page, automatically logs in and then gets redirected back to the Netscaler Gateway/Storefront and is logged in automatically.  (i.e no second factor is requested of the user).  I'd expect Azure Conditional Access to trigger the MFA but it doesn't happen.  


Has anyone else seen this behaviour?

Link to comment
Share on other sites

  • 9 months later...

Did you ever get this straighten out? I have nFactor working great and on a domain joined workstation I'm prompted for username and password then MFA from Azure, however on a guest workstation I'm prompted for username and password on the ADC, but when it goes to Azure the username is lost.  Any help would be helpful.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...