Duo integrates with on-premises NetScaler to provide two-factor authentication for remote access logins through the Advanced Authentication Policy framework. To set up Duo with Citrix Gateway, users must configure the Duo Authentication Proxy as a secondary RADIUS authentication server alongside the primary authentication system linked to Active Directory, LDAP, or another ID store.
Before installation, verify compatibility with your Citrix Gateway, ensure the firmware is version 12.1-51.16 or later, and update to Citrix Receiver or Workspace clients that support 12.1+. Additionally, check licensing requirements for the Advanced Authentication Policy. To install Duo, users need to set up the Proxy on an operating system like Windows Server 2016, CentOS 7, or Ubuntu 20.04 LTS.
After setting up the Proxy, integrate Duo with Citrix Gateway by adding a section for the Citrix Gateway to the authproxy.cfg file, including details like the API hostname, integration key, and secret key. Start the Proxy service either through the Proxy Manager utility or from the command line on Windows or Unix systems. Configure Citrix Gateway settings by adding the Duo Authentication Proxy server, creating authentication and policy labels, defining an authentication Virtual Server, creating an authentication profile, and linking it to the Unified Gateway.
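A pre-start check of the Citrix Gateway section in authproxy.cfg, added here as an example and not taken from Duo's documentation. The section name `radius_server_iframe`, the sample values, and the 16-character RADIUS secret threshold are assumptions of this example; the key names are the Authentication Proxy's own.

```python
import configparser
import re

# Constructed sample, trimmed to the keys this check reads. Every value is a
# placeholder; the section name is an assumption, use the one from your own file.
SAMPLE_CFG = """
[radius_server_iframe]
ikey=DIXXXXXXXXXXXXXXXXXX
skey=changeme
api_host=api-XXXXXXXX.duosecurity.com
radius_ip_1=192.0.2.10
radius_secret_1=short
failmode=safe
"""

API_HOST_RE = re.compile(r"^api-[0-9a-z]+\.duosecurity\.com$", re.IGNORECASE)
MIN_RADIUS_SECRET_LEN = 16  # this example's own threshold, not a Duo requirement


def check_gateway_section(cfg_text, section="radius_server_iframe"):
    """Return a list of findings for the Citrix Gateway section of authproxy.cfg."""
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    parser.read_string(cfg_text)
    if not parser.has_section(section):
        return [f"missing section [{section}]"]
    sec = parser[section]
    findings = []
    for key in ("ikey", "api_host", "radius_ip_1"):
        if not sec.get(key):
            findings.append(f"{key} is not set")
    skey = sec.get("skey")
    if not skey and not sec.get("skey_protected"):
        findings.append("skey is not set")
    elif skey and len(skey) != 40:  # Duo secret keys are 40 characters long
        findings.append("skey is not 40 characters (placeholder or truncated)")
    api_host = sec.get("api_host")
    if api_host and not API_HOST_RE.match(api_host):
        findings.append("api_host does not look like a Duo API hostname")
    secret = sec.get("radius_secret_1")
    if secret is not None and len(secret) < MIN_RADIUS_SECRET_LEN:
        findings.append("radius_secret_1 is short; Citrix Gateway shares this secret")
    # The proxy fails open by default: with failmode=safe, logins succeed on
    # primary authentication alone while Duo's service is unreachable.
    if sec.get("failmode", "safe").lower() == "safe":
        findings.append("failmode is safe (fail open)")
    return findings


if __name__ == "__main__":
    for finding in check_gateway_section(SAMPLE_CFG):
        print("FINDING:", finding)
```

Whether to keep the fail-open default is a policy decision; the check only surfaces it so the choice is deliberate.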
To test the setup, log in to Citrix Gateway and complete primary authentication to prompt the Duo enrollment/login process. Consider configuring allowed hostnames for WebAuthn authentication methods. For troubleshooting, review tips for the Authentication Proxy and use the included connectivity tool to diagnose connectivity issues. For further assistance, consult the Citrix Gateway FAQ or contact Support. Lastly, the network diagram outlines the process of primary authentication to Citrix Gateway, the authentication request to Duo’s proxy, user two-factor confirmation, and granting access to Citrix Gateway.
Article Source
https://duo.com/docs/citrix-netscaler-nfactor