
Okta SAML Universal Directory - Authorization Policy



Hello

 

I have built a full SSL VPN with SAML as the primary going to Okta using the Universal Directory, so no LDAP. The VPN works; however, when the default authorization policy is set to Deny, I don't have any method of binding an authorization policy to a AAA group, as I don't have any group extraction.

 

Any ideas on how to do this? 


Assuming you are communicating with Okta using RADIUS: first off, check with Okta / their documentation for the necessary configuration to send back group info when a user authenticates. On the Gateway side you can configure RADIUS group extraction; see the links below.

 

 

https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/configure-radius/ng-authorize-radius-group-extraction-con.html

https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/configure-radius/ng-authorize-radius-group-extraction-con/ng-authorize-radius-config-tsk.html
