netscaler advanced guide for sms passcode

Upload: kadussp

Post on 02-Jun-2018


  • 8/10/2019 Netscaler Advanced Guide for Sms Passcode

    Citrix Netscaler Advanced guide for SMS PASSCODE

    SMS PASSCODE 2014


    Citrix Netscaler Advanced guide for SMS PASSCODE.

    This document outlines configuration scenarios with SMS PASSCODE and Citrix Netscaler.

    Pre-requisites

    In the Netscaler, you must have configured a virtual server with an authentication server set up with Radius Authentication. In the virtual server, it is possible to set authentication policies.

    Configuration of the Authentication server with Radius for SMS PASSCODE

    The Authentication server must be configured with Radius. You can create an authentication server here: System -> Authentication -> Radius.

    You should create it here if the Netscaler itself should also use the Radius authentication server.

    If only the virtual servers will use the Radius authentication server, then please navigate here: Netscaler Gateway -> Policies -> Authentication -> Radius.

    In the pane on the right side, choose add. Now click new to create the Radius authentication server.


    The authentication type: Radius

    Time-out: 10 seconds (optional)

    Passcode Encoding: PAP

    Send Calling Station ID should be check marked if you want to use location aware authentication.

    Shared secret must be the same secret as set in the MS radius server radius client (for configuration of the MS radius server, please refer to the SMS PASSCODE administrators guide).


    Now you are ready to modify your virtual server's authentication policy.


    Once you have opened your virtual server, you are able to edit the policies.

    This is how you should set up your session policy if you only use Radius authentication.

    You are now able to edit or create a new session policy.

    If you only use Radius authentication, your session policy should look like this:

    (If you are publishing a Citrix Web Interface and not Storefront, then the Web Interface Address should most likely look like this: http://IPaddress/Citrix/PNAgent/config.xml)


    Authorization with Radius and SMS PASSCODE

    If you need to extract groups with Radius, please make sure that you match Vendor code (SMS PASSCODE) with Group Vendor identifier in the CAG, Attribute number with Group attribute type, prefix with group prefix, and separator with group separator.

    It is highly recommended to limit the group search to relevant groups, by adding the relevant groups in the SMS PASSCODE configuration tool.

    For further information regarding the authorization pane in the SMS PASSCODE configuration tool, please refer to the SMS PASSCODE administrators guide.


    Configure SMS PASSCODE for co-existence with a token solution like RSA

    SMS PASSCODE can co-exist with token solutions like RSA.

    Scenario 1

    Your token solution uses radius authentication. You configure radius forwarding from the SMS PASSCODE radius server to the Token solution radius server. This is the most common scenario. SMS PASSCODE users are resolved directly from the Radius server (1) that forwards the Token Users to the Token Radius server (2).

    In the SMS PASSCODE configuration tool, you set a regular expression that denies the token code. For example, this expression for numbers: ^\d*$


    Scenario 2

    You control usage by Netscaler Authentication policies.

    You add 2 Authentication policies, one for SMS PASSCODE Radius and one for the Token solution authentication. The SMS PASSCODE authentication policy must be inserted before (lower number) the Token solution authentication policy.

    When an SMS PASSCODE User is logging on (1), the user authenticates at the SMS PASSCODE Radius server. When the Token solution user (2) is logging on, the user is at first authenticated with the SMS PASSCODE Radius authentication policy, which denies the user access, because the user is not an SMS PASSCODE User. An access-Deny is then sent back to the Netscaler, and the Netscaler will now try the next in line authentication policy, which is the Token solution authentication policy. Now the user will be able to gain access.
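The Radius server settings and the Scenario 2 policy order described above, written as NetScaler command-line configuration. This is an added example, not part of the original guide; the object names, the 192.0.2.x addresses, port 1812 and every value in angle brackets are placeholders or assumptions to replace with your own.

```netscaler
# Added example: CLI form of the GUI steps in this guide.
# Names, 192.0.2.x addresses, port 1812 and <...> values are placeholders.

# Radius server for SMS PASSCODE: 10 second time-out, PAP encoding,
# Calling Station ID sent for location aware authentication.
add authentication radiusAction sms_passcode_radius -serverIP 192.0.2.10 -serverPort 1812 -authTimeout 10 -radKey <shared-secret> -passEncoding pap -callingstationid ENABLED

# Optional group extraction. The four values must match the authorization
# pane of the SMS PASSCODE configuration tool.
set authentication radiusAction sms_passcode_radius -radVendorID <vendor-code> -radAttributeType <attribute-number> -radGroupsPrefix <prefix> -radGroupSeparator <separator>

# Radius server of the token solution (Scenario 2).
add authentication radiusAction token_radius -serverIP 192.0.2.20 -serverPort 1812 -authTimeout 10 -radKey <token-shared-secret>

# Classic policies; the ns_true rule applies the policy to every logon.
add authentication radiusPolicy sms_passcode_pol ns_true sms_passcode_radius
add authentication radiusPolicy token_pol ns_true token_radius

# The lower priority number is evaluated first, so SMS PASSCODE is tried
# before the token solution.
bind vpn vserver <gateway-vserver> -policy sms_passcode_pol -priority 100
bind vpn vserver <gateway-vserver> -policy token_pol -priority 110

# Check the result.
show authentication radiusAction sms_passcode_radius
show vpn vserver <gateway-vserver>
```

With this ordering every token user's logon is rejected once by the SMS PASSCODE Radius server before the token policy is tried, so those rejects are expected entries in that server's log.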


    Configure settings for the Citrix receiver for iPad/iPhone with Citrix receiver 5.6+.

    Please refer to section "Configure Citrix Receiver for iPad/iPhone with Citrix Receiver version older than 5.6+" if your Citrix receiver is older than version 5.6+.

    The introduction of Challenge response in Citrix Receiver 5.6.0 for iDevices eliminated the need for the SMS PASSCODE App.

    To configure the Citrix Receiver, please open it, navigate to settings, and choose Accounts from the menu.


    To add an account, please click on the + sign.

    Now enter the URL of your Citrix Access Gateway Enterprise Edition / Netscaler, and click on Next.


    Fill in the information; leave Security Token as OFF, and save the configuration.

    Now you are ready to use your Citrix Receiver. Your experience should look like this (this window will show if the password has not been saved or if it is not allowed to store the password).


    You should now receive your One Time Passcode, and enter this. If the code is correctly entered, you click OK, and you will gain access.

    If you are using Citrix Receiver for Android, the configuration should look like this:


    About SMS PASSCODE

    SMS PASSCODE is the leading technology in two- and multi-factor authentication using your mobile phone. To protect against the rise in internet based identity theft hitting both consumers and corporate employees, SMS PASSCODE offers a stronger authentication via the mobile phone SMS service compared to traditional alternatives. SMS PASSCODE installs in minutes and is much easier to implement and administer with the added benefit that users find it an intuitively smart way to gain better protection. The solution offers out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, VMware View, Juniper and other IPsec and SSL VPN systems as well as web sites. Installed at thousands of sites, this is a proven patent pending technology. In the last years, SMS PASSCODE has been named to the Gartner Group Magic Quadrant on User Authentication, awarded twice to the prestigious Red Herring 100 most interesting tech companies list, a Secure Computing Magazine Top 5 Security Innovator, InfoSecurity Guide Best two-factor authentication, a Citrix Solution of the Year Finalist, White Bull top 30 EMEA companies, a Gazelle 2010, 2011, 2012 and 2013 Fast Growth firm and a ComOn most promising IT company Award. For more information visit: www.smspasscode.com or our blog at blog.smspasscode.com.

    Configure iPad/iPhone for Web Interface

    To authenticate over the web interface with Citrix receiver for iPad requires:

    Citrix Receiver for iPad version 4.2 or newer

    Citrix Web Interface version 5.4 or newer

    When you authenticate with Citrix Receiver for iPad over the web interface the SMS PASSCODE

    If the web site is configured with ns_true in policies, then this will work out of the box.