Configure Citrix Netscaler gateway
Configure Citrix Netscaler to use the Okta RADIUS Server agent.
You can integrate Citrix Gateway with Okta using RADIUS or SAML 2.0. Using the Okta RADIUS Agent allows for authentication (including multifactor authentication (MFA) support) to occur at the Citrix Gateway login page. For authentication, the agent translates RADIUS authentication requests from the Citrix Gateway into Okta API calls that provide for user authentication.
To integrate using SAML 2.0:
- In the Admin Console, go to .
- Click Browse App Catalog.
- Search for Citrix Gateway and select the matching app that supports SAML and SWA.
- Click Add Integration.
Before you begin
See Citrix Gateway supported versions, clients, features, and factors.
Meet the following network connectivity requirements before you install the Okta RADIUS agent:
| Source | Destination | Port/Protocol | Description |
|---|---|---|---|
| Okta RADIUS Agent | Okta Identity Cloud | TCP/443 HTTP |
Configuration and authentication traffic. |
| Client Gateway | Okta RADIUS Agent | UDP/1812 RADIUS (Default, you can change this when you install and configure the RADIUS app) | RADIUS traffic between the gateway (client) and the RADIUS agent (server). |
Typical workflow
|
Task |
Description |
|---|---|
| Download the RADIUS agent | In the Admin Console, go to . Download the appropriate Okta RADIUS Agent for your environment. For throughput, availability and other considerations, see Okta RADIUS Server Agent Deployment Best Practices. |
| Install the Okta RADIUS Agent. | Install Okta RADIUS Server agent on Windows |
| Configure application | In your Okta org, configure the Citrix Gateway application. |
| Configure gateway | Use the Citrix Gateway configuration tool to Configure Citrix Gateway. |
| Configure optional settings | Configure optional settings (for example, vendor-specific attributes). |
Other considerations
- Citrix Gateway doesn't support first time Okta set up for users. All users using Okta MFA at Citrix gateway must first sign in to their Okta portal and configure MFA. You can use rewrite policies or CCS-style sheet customizations to add links to the Citrix Gateway login page to direct first time users to their Okta login portal for initial registration.
- Citrix Gateway doesn't feature a self-service password reset. You can use rewrite policies or page customizations to add a link to the Gateway login page that directs a user to their Okta tenant password reset page.