Azure MFA implementation

[Torsten Thomsen]

Hi

 

We have a test setup using Azure MFA based on some specific IP addresses to see how it works compared to our existing MFA solution.

Seems to work fine when you are using standard SMS where the user has to type in a code

 

When you are using Microsoft Authenticator App with notification the Netscaler Webpage are just waiting for the response without letting users know what is happening. I would really like the webpage to show a message to the user e.g. "Please check your phone".

Any ideas to solve that?

 

Thanks

 

/Torsten

 

 

[Julian Jakob]

It's not directly possible but I can recommend to use nFactor and set a specific Login Schema where you can put a Infobox in front of the Login for example "Press Go and check your phone to continue" or sth. else.

 

Checkout this post from george on how to setup nFactor with Azure MFA: https://www.jgspiers.com/nfactor-authentication-with-netscaler-gateway/ 

 

Regards

Julian

[Rasmus Kindberg]

This might be related to an issue I raised with CItrix Support. It seems that using RfWebUI + iPhone + mobile app to receive the OTP code is not working correctly (it is javascript code in RfWebUI that is not compatible with recent iPhone changes from Apple). It is specifically the swap from Safari (on phone) to Authenticator app and back to Safari again that was failing for us.

 

Do you get the same issue if you use android? You could also test this using 2 iphones, iphone #1 is doing the Netscaler login and iphone #2 is the one with the authenticator app which receives OTP (this way, the #1 phone never has to 'leave' Safari app during logon).

 

The response from Citrix was that this is an Apple issue (which I strongly disagree with) and Citrix wasn't gonna pursue a solution. In our case we decided to just use X1 Theme instead of RfWebUI (since X1 theme doesn't have the same 'faulty' javascript), but this gives worse user experience due to X1 not adapting to phone screen size resolution.