Alex Booth
Posted January 11

Hi,

We're trying to get an nFactor flow configured which will authenticate against on-prem AD and then go to Azure for MFA with conditional access policies, with support for push notifications (with number matching), TOTP, etc.

There is no FAS or ADFS configured, but SSO from NetScaler Gateway to Storefront/VDAs is required. This is only needed for external connections coming in through the Gateway VIP. All CVAD is on-prem, not Citrix Cloud.

There is an article here which has a brief description of an example which seems exactly what we're looking for, but there are no details on how to achieve this that I can see?

https://community.netscaler.com/s/article/NetScaler-Gateway-Microsoft-Azure-Part-1

Is there any info/examples on how to get this set up for browser and Workspace App logins which explain the full nFactor flow configuration needed for this?

From what I gather it needs to do something along the lines of:

1. Prompt for username and password (UPN or sAMAccountName) in the NS Gateway login UI
2. Store the user/pass securely (so it can be passed through to Storefront/VDAs)
3. Send user/pass to AAD (or redirect to Azure MFA UI?). Conditional Access policies can then check MFA requirement/registration and prompt the user for MFA with push notification/number matching, and NetScaler will allow the login (or deny it if the user is not registered)

Thanks