MFA for Citrix Gateway

Multi-Factor Authentication for Citrix Gateway

Industry Insight

Multi-Factor Authentication for Citrix Gateway

Citrix is a global leader to deliver corporate applications to users located anywhere, mainly using the technology for remote access when they work from home or when they remotely connect to systems in other offices and regions.

Let us understand how to protect Citrix Gateway with Multi-factor authentication, industries using Citrix solutions, and tips from RCDevs.

MFA for Citrix Gateway

Multi-factor authentication solutions add an extra security layer to prevent unwanted users from getting access to your Citrix Gateway. MFA helps to securely identify the users before they interact with applications and data through remote network resources. When you enable 2FA, your users enter their username and password (first factor) as usual, and as a second factor, they have to enter an authentication code which will be shared virtually on their device or in the form of a hardware token. 

You can use MFA to protect both Remote access to the server and VPN App access.

Looking at the number of industries using Citrix XenApp and Citrix XenDesktop from enlyft, we understand how important it is to secure Citrix Gateway(sensitive data), which gives access to enterprise resources and data, especially now with remote working still continuing in the majority of workplaces.

Citrix XenDesktop
Citrix XenApp

Citrix MFA and RCDevs

RCDevs’ OpenOTP Server is a standard for organizations looking to protect their key business data assets. It has been designed to integrate seamlessly into existing Enterprise Citrix infrastructures.

The OpenOTP solution for Citrix Access Gateway, XenApp, and Netscaler offer a wide range of user authentication(Tokens, YubiKey, SMSOTP, MailOTP, etc) options to help securely identify users.

There are a lot of settings an administrator can do in the Authentication policies per client application or group of users.

Citrix Admin setting

1)User Access Policy

You can define multiple WebADM/OpenOTP criteria to access Citrix like : 

– Domain allowed to log in

– Allowed Groups to access Citrix resources 

– Excluded Groups not allowed to log in on Citrix resources 

– Location from where users are allowed to log in

– Day and time they can access that resource

User Access Policy

2)Forced application policies, pre-group and network extra policies

This provides you the ability to define OpenOTP settings for the Citrix client system and more like redefining completely the authentication factors. Also, what type of authenticator must be used/required to access the system according to a specific group or a network.

Forced application policies, pre-group and network extra policies

It is simple to integrate Citrix with OpenOTP via Radius Bridge.