Citrix NetScaler with iPad
Contact information
SecurEnvoy
Phil Underwood
www.securenvoy.com
1210 Parkview
Arlington Business Park
Theale
Reading
RG7 4TY
Punderwood@securenvoy.com
Confidential
0845 2600010
1.0 Prerequisites
It is assumed that the Citrix NetScaler is set up and operational. An existing Domain user can
authenticate using a Domain password and access applications, and your users can access
through SSL using Domain accounts.
The SecurEnvoy Security Server has a suitable account created that has read and write privileges
to the Active Directory. If firewalls are between the SecurEnvoy Security Server, the Active
Directory servers, and the Citrix server, additional open ports will be required.
NOTE: SecurEnvoy requires LDAP connectivity over either port 389 or 636 to the Active
Directory servers, and port 1645 or 1812 for RADIUS communication from the Citrix
NetScaler (Access Gateway).
NOTE: Add RADIUS profiles for each Citrix server that requires Two-Factor Authentication.
2.0
This document describes how to configure Access Gateway Enterprise to use RADIUS
authentication as the secondary authentication, and LDAP as primary for the iPhone, iPad,
and Android devices.
In the Access Gateway Configuration Utility, navigate to Access Gateway, Virtual
Servers, and then select the Authentication tab.
1. Locate your existing LDAP policy for Microsoft Domain authentication and then select
the Secondary button under authentication policies.
2. Create an authentication policy for SecurEnvoy, then select Configure
Authentication server, set the authentication type to RADIUS, assign the IP
address of the SecurEnvoy server, and enter the pre-shared secret.
3. Set the Password encoding to PAP.
Click OK when complete.
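What the PAP password encoding and pre-shared secret set above mean on the wire, as an added example that is not part of the original guide: it builds a minimal RADIUS Access-Request and hides the User-Password field as RFC 2865 section 5.2 specifies. The user name, passcode and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1        # RFC 2865 packet code
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """RFC 2865 s5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res   # chain on the ciphertext block
    return out


def hide_password(passcode: str, secret: bytes, authenticator: bytes) -> bytes:
    """Produce the User-Password value as a PAP-configured RADIUS client sends it."""
    raw = passcode.encode()
    if not 1 <= len(raw) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    raw += b"\x00" * (-len(raw) % 16)      # null-pad to a 16-byte boundary
    return _xor_chain(raw, secret, authenticator, decrypt=False)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does on receipt; only the shared secret is needed."""
    return _xor_chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")


def build_access_request(user: str, passcode: str, secret: bytes,
                         identifier: int = 1, authenticator: bytes = b"") -> bytes:
    """Assemble a minimal Access-Request (User-Name + User-Password only)."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for attr_type, value in ((ATTR_USER_NAME, user.encode()),
                             (ATTR_USER_PASSWORD, hide_password(passcode, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


if __name__ == "__main__":
    secret = b"constructed-shared-secret"                   # constructed sample value
    pkt = build_access_request("alice", "123456", secret)   # constructed user and OTP
    print(reveal_password(pkt[29:45], secret, pkt[4:20]))
```

The user name travels in clear and the passcode is protected only by the shared secret, so each RADIUS profile should use a long, random secret.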
Once completed, navigate to the session profile, populate Published applications, and enter
the path for the PNAgent directory.
3.0 Configuration of SecurEnvoy
To keep the environment easy to use, SecurEnvoy can be set up to authenticate only
the passcode component, because both authentication servers are required to authenticate a
remote user.
SecurEnvoy supplies the second factor of authentication, which is the dynamic one-time
passcode (OTP) sent to the user's mobile phone.
Launch the SecurEnvoy admin interface by executing the Local Security Server
Administration link on the SecurEnvoy Security Server.
1. Click the Radius button.
2. Enter the IP address and shared secret for each Citrix Web Interface server that is
to use SecurEnvoy Two-Factor authentication.
3. Make sure the Authenticate Passcode Only (Pin not required) checkbox is ticked.
4. Select the domains that can authenticate from this RADIUS profile.
5. Press Update.
6. Now log out.
4.0
5.0
6.0 Support for Web-based and iPhone users on the same Citrix Server