Jump to content
Welcome to our new Citrix community!

Leverage Azure MFA for two factor but not require a FAS server or NPS server

Recommended Posts

I am trying to leverage Azure MFA for two factor authentication but would like to use the Azure based landing page for prompting the user for MFA. I do not want to build an FAS infrastructure as all I want to do is prompt for user name and password then provide these details to azure MFA page so users are not entering data more than once. Then users can launch citrix resources without entering credentials at the MS GINA.


I think this should be possible via nFactor authentication but I cannot find any supporting documentation that details this work flow. I've leveraged the NPS with MFA extension which works, but users get confused when using the authenticator app as there is no prompt on the screen.


Ideally the auth flow would be:

User name and password on Unified GW -> feeds username and password to azure SAML MFA page which then tells user they are being prompted or asks for the token code -> SSO into published apps and desktops with out FAS.



Link to comment
Share on other sites

  • 2 weeks later...

You could use nFactor where ldap is the second factor to authenticate to storefront, avoiding the need for FAS.  Issue here is the user will need to enter password twice, as passwords are not in the saml ticket. 


Easiest fix is to use Azure MFA server and point the gateway second factor there using radius. Set MFA server to the MS authenticator app and you are done. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...