Identity Management & Cloud Security Blog

All-In-One Identity Management and Cloud Security

Emerging technologies are challenging old paradigms and unveiling new ways of approaching the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

EmpowerID has embedded innovative technologies in every aspect, providing flexible and mature IAM capabilities in the cloud, on premise and in hybrid environments, addressing the mission-critical need across increasingly heterogeneous technology environments, and meeting increasingly rigorous compliance requirements.

Adaptive 2-Factor Authentication for Citrix Netscaler

Posted by Chris Hayes on Thu, Apr 30, 2015

2-Factor for Citrix via empowerID

What is Adaptive authentication? By definition something adaptive should have a capacity or tendency toward adaptation when faced with different scenarios. empowerID has taken this concept and applied it to our class leading Radius service for Citrix and other "edge devices" like Cisco, Juniper, Palo Alto, F5 and more.

Having managed many Citrix NetScaler strong authentication projects myself I understand the challenges faced when enabling 2-factor authentication with NetScaler products.

Common questions that you should ask yourself when undertaking a project like this are.

What methods does the authentication support?
Can I migrate users by groups in the back end rather than cut everyone over at the same time?
What kind of logging and reporting is available?
How scalable is the solution?
How are the configurations stored?

So we know some of the questions you need to be aware of, let's walk through an empowerID workflow for Citrix NetScaler below.

Adaptive Auth for Citrix

Multiple users go to login to the NetScaler
The NetScaler takes in a username and password
This information is passed to empowerID's Radius endpoint
empowerID looks at the group membership of the user
One user will go through 2-factor authentication
One user will go through Single Factor authentication
Both users will be presented with the same information after authentication

This truly adaptive model means you can migrate some your users to 2-factor authentication while keeping some at single factor authentication.

So let's get back to a few key points:

What methods does the authentication support?

empowerID supports Radius, LDAP, SAML, WS-Federation, WS-Trust, OAuth and more

Can I migrate users by groups in the back end rather than cut everyone over at the same time?

Fully supported, keep everyone going to the SAML login page and empowerID will determine if the user needs 2-factor or single factor authentication.

What kind of logging and reporting is available?

empowerID's audit and reporting engine leads the pack when it comes to real time reporting and auditing. While other products can't push reports up to a central audit point empowerID doesn't have the same limitations. Built from the ground up to scale you can log into one place and review all audit reports.

How scalable is the solution?

3-tier architecture model means you can easily scale to millions of users.

How are the configurations stored?

empowerID configurations are stored in a database, the way it should be done. Not in flat web.config or .conf files, these aren't methods that scale.

Ready to learn more?

All-In-One Identity Management and Cloud Security

Adaptive 2-Factor Authentication for Citrix Netscaler

About EmpowerID

Latest Posts

Posts by category

Subscribe via E-mail