Jump to content
Welcome to our new Citrix community!

Netscaler native OTP without Active Directory?


Nils Liebherr

Recommended Posts

Hi!

 

Is it possible to deploy Netscaler native OTP without the need for Active Directory? Using local user accounts and otp secret stored locally on the netscaler?

We are thinking of a emergency vpn solution that still works when AD is broken (to be able to fix the AD remotely)

 

Thanks for any idea!

Link to comment
Share on other sites

Native OTP needs an active directory attribute to store the token, I‘m pretty sure there is no other option to store the token.

A simple and low-cost radius solution is LinOTP, in a setup I am using NetScaler with local aaa users and local LinOTP users, no active directory in place. Login with 2FA is working fine, maybe this helps.

 

Best Regards

Julian

Link to comment
Share on other sites

Hi Julian,

 

thanks for your reply.

We used PrivacyIDEA for 2FA previously, but that's another system you have to care about (like LinOTP would be as well)

At the moment, we move all applications to use O365 for authentification. That's fine, as long everything works as expected.

 

But if anything breaks, we need some kind of backup vpn solution which depends on as little other system as possible.

Of course we can use Netscaler with local users, but we would like to add some additional security using 2FA.

Native OTP without the need of an external system would have been great.

 

At least, I don't understand the technical need for AD here.

The Netscaler can save the password of my local user, so why can't it save the token locally?

 

Best regards

Nils

Link to comment
Share on other sites

  • 2 months later...

hey,

we are using one adc and one storefront/licensing machine with standard features. what would be the best approach to get other users within the same windows domain to use a enterprise features like mfa?

 

is it a) same adc, second storefront is it b) new adc, new storefront is it c) you name it

regards

 

myccpay

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...