Using Azure MFA with Citrix ADC



We have a customer (let’s call them Bob’s Baskets) who currently accesses their financials web app directly, using AAD. This is the relevant section of web.config:

 

<add key="ida:ClientId" value="blahblah-blah-blah-blah-blahblahblah" />
<add key="ida:ClientSecret" value="blahblahblahblahblahblahblahblahbl" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
<add key="ida:TenantId" value="blahblah-blah-blah-blah-blahblahblah" />
<add key="ida:RedirectUri" value="https://blah.blahblahblah.civicahosting.co.uk/login.aspx" />
<add key="ida:PostLogoutRedirectUri" value="https://blah.blahblahblah.civicahosting.co.uk/logout.aspx" />

 

 

This platform is multi-tenant and each tenant’s access is restricted to their outgoing IP address, apart from Bob’s that is – they want it to be accessible from any public IP. That represents a risk to the other customers, so to maintain security I have suggested we use an ADC to form a hard barrier at the perimeter. This will be configured to allow web app access to legitimate users, via AAD SSO. The customer uses Azure MFA for any AAD login, but rather than take their word for it, we need to ensure they authenticated with MFA. How, using the ADC, can we ensure that all users have passed MFA authentication and not just used username / password? Is this even possible?

 
