Jump to content
Welcome to our new Citrix community!

nFactor PreAuth \ Post Auth Query

Recommended Posts

Hi All,


I would be grateful for any helpful advice on the below:


I have recently moved to nFactor for authentication on my Citrix ADC after upgrading to advanced (Enterprise) licensing. The majority of users are VDI only but we have a subset that require VPN instead. To this end i have created a AAA group which if you are in, after entering LDAP & RADIUS factors on the login screen you are taken to the VPN session policy (expression TRUE) bound to the AAA group and able to access the VPN successfully.


If you are not in this AAA group you go a separate session policy bound to the citrix gateway vserver (expression TRUE) and are directed to the storefront portal page for VDI access only.


This all works fine, however; to satisfy a security element we need to ensure that VPN users can only access via their work provided machines which are not AD Joined. What would be the best solution to this?


I thought perhaps adding a reg key that a pre or post EPA can check for but not sure how this would work, or should i add this as an additional nFactor? The problem i have is that i only want this check to apply to those VPN users in the AAA group, for everyone else I'm happy for them to just launch the VDI and i also want to avoid any use of classic old style expressions as i'll soon be going from 13.0.x to 13.1.x


I hope that's made sense, any suggestions or guides greatly appreciated.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...