Jump to content
Welcome to our new Citrix community!

NetScaler nFactor flow for auth to on-prem AD, then Azure MFA conditional access

Recommended Posts



We're trying to get an nFactor flow configured which will authenticate against on-prem AD and then go to Azure for MFA with conditional access policies, with support for push notifications (with number matching), TOTP etc). There is no FAS or ADFS configured but SSO from NetScaler Gateway to Storefront/VDAs is required. This is only needed for external connections coming in through the Gateway VIP. All CVAD is on-prem, not Citrix Cloud.


There is an article here which has a brief description of an example which seems exactly what we're looking for, but there's no details on how to achieve this that I can see? https://community.netscaler.com/s/article/NetScaler-Gateway-Microsoft-Azure-Part-1




Is there any info/examples on how to get this set up for browser and Workspace App logins which explain the the full nFactor flow configuration needed for this? From what I gather it needs to do something along the lines of:


1. Prompt for username and password (UPN or sAMAccountName) in the NS Gateway login UI

2. Store the user/pass securely (so it can be passed through to Storefront/VDAs)

3. Send user/pass to AAD (or redirect to Azure MFA UI?), Conditional Access policies can then check MFA requirement/registration and prompt the user for MFA with push notification/number matching and NetScaler will allow the login (or deny it if the user is not registered)



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...