Citrix ADC SAML

Introduction

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one security and validation procedure, each relying on something that only they know or have access to.

Citrix™ ADC (formerly Netscaler) is an application delivery and load balancing solution that gives a high-quality user experience of web services and cloud-native applications, wherever hosted. Acceptto, as a Citrix Ready Partner, offers a simple method for adding MFA to Citrix ADC via its SAML solution.

Pre-Requisites

  1. An Acceptto account with a configured Identity Provider and LDAP Agent. (See this page for the instructions)
  2. A user with administrative privileges for Citrix ADC.

Acceptto SAML Configuration as Identity Provider (IdP)

  1. Login to the Acceptto Dashboard with an administrative account and go to Applications.
  2. Create a new application by selecting Create New Application.

Create new application

  3. In the New Application form, enter the following values under the General tab.

    • Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs (e.g. Citrix ADC)
    • Type - Select "SAML Service Provider" from the options
    • Out of Band Methods - Select the allowed methods for approving MFA requests
    • Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)

    New application settings

  4. Under the SAML Service Provider Configuration tab, enter the following values:

    • Issuer or Entity ID – The Issuer/EntityID of your Citrix ADC instance (e.g. CitrixADC.example.com).
    • Sign in URL - The link used by your users to access the Citrix ADC (e.g. https://ADC.example.com).
    • Metadata URL - The URL containing metadata about your Citrix ADC instance (e.g. https://adc.example.com/metadata/samlsp/SAML-Acceptto)

    SAML service provider settings

  5. Click Save.

Citrix ADC Configuration

  1. Download the SAML metadata and certificate for your organization from Acceptto.

    Metadata Download at https://sso.acceptto.com/<myorganization>/saml/download/metadata or view at https://sso.acceptto.com/<myorganization>/saml/metadata

    Certificate Download at https://sso.acceptto.com/<myorganization>/saml/download/cert

  2. Login to your Citrix ADC with an administrative account.

  3. Navigate to Traffic Management > SSL > SSL Certificate.

SSL certificate

  4. Upload the X.509 certificate file you got from the Acceptto SAML Appliance earlier.

Install server certificate

  5. Connect to Citrix ADC via SSH and run the following command (change the values to match your configuration):

    add authentication samlaction {NAME} -samlIDPCertName {IDP Certificate Name} -samlSigningCertName {Signing Certificate Name} -samlredirectUrl {Redirect URL}

    For example, the command could be:

    add authentication samlaction SAML-Acceptto -samlIDPCertName SAML-Acceptto -samlSigningCertName lab.acceptto-com.pfx_CERT_KEY -samlredirectUrl https://saml.acceptto.com/saml/auth

  6. Navigate to the Configuration tab, select Citrix Gateway from the menu, and then select Policies > Authentication > SAML.

Citrix SAML servers

  7. Select the Policies tab and click ADD. Then fill in the fields as shown in the following image and click Ok.

Configure auth saml policy

  8. Go to Citrix Gateway > Virtual Servers, select the virtual server to which you want to add SAML authentication, and click Edit.

Citrix Gateway virtual servers

  9. Go to Basic Authentication, choose SAML as the Primary policy, and click Continue. Then select the SAML policy created earlier and click Bind, then Done.

SAML policy

SAML policy type
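
The certificate uploaded under SSL Certificate is what the ADC trusts to verify every assertion, so before the samlaction command is run it is worth confirming that the downloaded certificate file is the signing certificate published in the downloaded metadata and that the -samlredirectUrl value is an endpoint the metadata lists. The following Python check is an added example, not Acceptto or Citrix code; the function names, the example.test URLs and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for metadata fetched from a network, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der):  # SHA-256 over the certificate's DER encoding
    return hashlib.sha256(der).hexdigest()

def pem_from_der(der):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

def der_from_pem(pem):
    """Drop the PEM armour lines and decode the base64 body."""
    lines = (ln.strip() for ln in pem.splitlines())
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def check_idp(metadata_xml, cert_pem, redirect_url):
    """Return a list of problems; an empty list means the three inputs agree."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["metadata has no IDPSSODescriptor"]
    problems, signing = [], set()
    # Signing certificates the IdP advertises (use="signing", or no use attribute).
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                signing.add(fingerprint(base64.b64decode("".join((cert.text or "").split()))))
    if fingerprint(der_from_pem(cert_pem)) not in signing:
        problems.append("certificate file is not a signing certificate in the metadata")
    # The value passed to -samlredirectUrl should be an SSO endpoint the IdP publishes.
    endpoints = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if redirect_url not in endpoints:
        problems.append("redirect URL is not an SSO endpoint in the metadata")
    if not redirect_url.startswith("https://"):
        problems.append("redirect URL is not HTTPS")
    return problems

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_URL = "https://idp.example.test/saml/auth"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/metadata"><md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(SAMPLE_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="{SAMPLE_URL}"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Pass the contents of the downloaded metadata and certificate files in place of the sample values; any reported problem is a reason to stop before the policy is bound to a virtual server.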

Test Your Setup

  1. Go to the Citrix Gateway Virtual Server link from the previous section. You will be redirected to the Acceptto SAML page.

SAML sign-in page

  2. After successful authentication, you’ll see the Acceptto MFA options. Select your desired method, then pass the verification stage on your It’sMe mobile app.

eGuardian MFA selection

  3. Finally, you will be redirected to your Citrix ADC landing page.

Citrix landing page

Support

If you require assistance, please email us at support@acceptto.com.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands does not constitute an endorsement by the Acceptto Corporation.

Citrix, ADC, and ‘ADC’ are either registered trademarks or trademarks of Citrix and/or one or more of its subsidiaries in the United States and/or other countries. Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.