Question
Alex Booth
Hi,
Edit: sorry - I posted this in the Citrix Cloud forum by accident - this is related to onprem. New post was made here: https://discussions.citrix.com/topic/419875-netscaler-nfactor-flow-for-auth-to-on-prem-ad-then-azure-mfa-conditional-access/
We're trying to get an nFactor flow configured which will authenticate against on-prem AD and then go to Azure for MFA with conditional access policies, with support for push notifications (with number matching), TOTP, etc. There is no FAS or ADFS configured but SSO from NetScaler Gateway to Storefront/VDAs is required. This is only needed for external connections coming in through the Gateway VIP.
There is an article here which has a brief description of an example which seems exactly what we're looking for, but there's no details on how to achieve this that I can see? https://community.netscaler.com/s/article/NetScaler-Gateway-Microsoft-Azure-Part-1
Is there any info/examples on how to get this set up for browser and Workspace App logins which explain the full nFactor flow configuration needed for this? From what I gather it needs to do something along the lines of:
1. Prompt for username and password (UPN or sAMAccountName) in the NS Gateway login UI
2. Store the user/pass securely (so it can be passed through to Storefront/VDAs)
3. Send user/pass to AAD (or redirect to Azure MFA UI?), Conditional Access policies can then check MFA requirement/registration and prompt the user for MFA with push notification/number matching and NetScaler will allow the login (or deny it if the user is not registered)
Thanks
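An nFactor sketch of the three steps above, added here as an illustration and not taken from the post or from Citrix/NetScaler documentation: factor 1 is an LDAP action against on-prem AD (its captured password is what NetScaler later uses for SSO to StoreFront), factor 2 is an OAuth authorization-code redirect to Entra ID so Conditional Access does the MFA prompting and registration check. All IPs, object names, tenant ID and secrets are placeholders, the flags are written from memory of the NetScaler CLI and should be checked against the reference for your firmware, and only the browser flow is assumed (Workspace App behaviour with an OAuth redirect is not covered).

```nscli
# Factor 1: LDAP against on-prem AD. -secType SSL keeps the bind and the user's
# password off the wire; -ssoNameAttribute hands the UPN to the next factor.
# Placeholders: 10.0.0.10, corp.example.com, <bind-password>.
add authentication ldapAction LDAP_AD_ACT -serverIP 10.0.0.10 -serverPort 636 -secType SSL -ldapBase "dc=corp,dc=example,dc=com" -ldapBindDn "svc-ns-ldap@corp.example.com" -ldapBindDnPassword "<bind-password>" -ldapLoginName sAMAccountName -ssoNameAttribute userPrincipalName
add authentication Policy LDAP_AD_POL -rule true -action LDAP_AD_ACT

# Factor 2: OAuth authorization-code flow to Entra ID. The browser is redirected
# to Microsoft, where Conditional Access enforces MFA (push with number matching,
# TOTP, ...) and registration; NetScaler only validates the returned ID token
# (signature via -CertEndpoint, -issuer and -audience), so it never handles MFA secrets.
# Placeholders: <tenant-id>, <app-registration-client-id>, <app-registration-secret>.
add authentication OAuthAction AZURE_MFA_ACT -OAuthType GENERIC -authorizationEndpoint "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize" -tokenEndpoint "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token" -CertEndpoint "https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys" -issuer "https://login.microsoftonline.com/<tenant-id>/v2.0" -audience "<app-registration-client-id>" -clientID "<app-registration-client-id>" -clientSecret "<app-registration-secret>" -userNameField upn
add authentication Policy AZURE_MFA_POL -rule true -action AZURE_MFA_ACT

# The second factor lives in a policy label. LSCHEMA_INT is the built-in schema
# that shows the user nothing: the redirect to Microsoft does the prompting.
add authentication policylabel AZURE_MFA_LABEL -loginSchema LSCHEMA_INT
bind authentication policylabel AZURE_MFA_LABEL -policyName AZURE_MFA_POL -priority 100 -gotoPriorityExpression END

# Login schema for factor 1: the stock single username + password form.
add authentication loginSchema SINGLE_AUTH_SCHEMA -authenticationSchema "/nsconfig/loginschema/LoginSchema/SingleAuth.xml"
add authentication loginSchemaPolicy SINGLE_AUTH_POL -rule true -action SINGLE_AUTH_SCHEMA

# AAA vserver: factor 1 (LDAP) on success goes to factor 2 (Azure). An LDAP failure
# stops the chain, so AD credentials are never forwarded when the password is wrong.
add authentication vserver AAA_MFA_VS SSL 0.0.0.0
bind authentication vserver AAA_MFA_VS -policy SINGLE_AUTH_POL -priority 100 -gotoPriorityExpression END
bind authentication vserver AAA_MFA_VS -policy LDAP_AD_POL -priority 100 -nextFactor AZURE_MFA_LABEL -gotoPriorityExpression NEXT

# Attach the AAA vserver to the existing Gateway vserver (GATEWAY_VS is a placeholder).
add authentication authnProfile AAA_MFA_PROF -authnVsName AAA_MFA_VS
set vpn vserver GATEWAY_VS -authnProfile AAA_MFA_PROF
```

The Conditional Access policy on the Entra app registration is what decides whether MFA is required and which methods are accepted; if the user is not registered, Microsoft returns an error instead of an ID token and the second factor fails, which is the "deny" outcome step 3 asks for.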