• No results found

Citrix Netscaler Advanced guide for SMS PASSCODE SMS PASSCODE 2014

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Citrix Netscaler Advanced guide for SMS PASSCODE SMS PASSCODE 2014"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

Citrix Netscaler Advanced guide for

SMS PASSCODE

© SMS PASSCODE 2014

(2)

Citrix Netscaler Advanced guide for SMS

PASSCODE.

This document outlines configuration scenarios with SMS PASSCODE and Citrix Netscaler.

Pre-requisites

In the Netscaler, you must have configured a virtual server with an authentication server set up with Radius Authentication. In the virtual server, it is possible to set authentication policies.

Configuration of the Authentication server with Radius for

SMS PASSCODE

The Authentication server must be configures with Radius. You can create an authentication server here “System-> Authentication ->Radius".

You should create it here if also the Netscaler should use the Radius authentication server. If the virtual servers only will use the Radius authentication server, then please navigate here “Netscaler Gateway-> Policies->Authentication->Radius”.

In the pane in the right side, choose add. Now click new to create the Radius authentication server.

(3)

The authentication type: Radius Time-out: 10 seconds (optional) Passcode Encoding: PAP

“Send Calling Station ID” should be check marked, if you want to use location aware authentication.

Shared secret must be the same secret as set in the MS radius server radius client (For configurations of the MS radius server please refer to the SMS PASSCODE administrators guide).

(4)
(5)

Once you opened your virtual server, you are able to edit the policies.

This is how you should setup you session policy if you only use Radius authentication. You are now able to edit or create a new session policy.

If you only use Radius authentication, your session policy should look like this:

(if you are publishing a Citrix Web Interface and not Storefront, then the Web Interface Address should most likely look like this: http//IPadress/Citrix/PNAgent/config.xml)

(6)

Authorization with Radius and SMS PASSCODE

If you need to extract groups with Radius, please make sure that you match Vendor code (SMS PASSCODE) with Group Vendor identifier in the CAG, Attribute number with Group attribute type, prefix with group prefix, and separator with group separator.

It is highly recommended to limit the group search to relevant groups, by adding the relevant groups in the SMS PASSCODE configuration tool.

For further information regarding the authorization pane in the SMS PASSCODE configuration tool, please refer to the SMS PASSCODE administrators guide.

(7)

Configure SMS PASSCODE for co-existence with

a token solution like RSA©

SMS PASSCODE can co-exist with token solutions like RSA. Scenario 1

Your token solution uses radius authentication. You configure radius forwarding from the SMS PASSCODE radius server to the Token solution radius server. This is the most common scenario. SMS PASSCODE users are resolved directly from the Radius server (1) that forwards the Token Users to the Token Radius server (2).

In the SMS PASSCODE configuration tool, you set a regular expression that denies the token code. In example this expression for numbers: ^\d*$

(8)

Scenario 2

You control usage by Netscaler Authentication policies.

You add 2 Authentication policies, one for SMS PASSCODE Radius and one for the Token solution authentication. The SMS PASSCODE authentication policy must be inserted before (lower number) the Token solution authentication policy.

When a SMS PASSCODE User is logging on (1), the user authenticates at the SMS PASSCODE Radius server. The Token solution user (2) is logging on; the user is at first authenticated with the SMS PASSCODE Radius authentication policy, which denies the user access, because the user is not a SMS PASSCODE User. An access-Deny is then sent back to the Netscaler, and the Netscaler will now try the next in line authentication policy, which is the Token solution authentication policy. Now the user will be able to gain access.

(9)

Configure settings for the “Citrix receiver for iPad/iPhone”

with Citrix receiver 5.6+.

Please refer to section “Configure Citrix Receiver for iPad/iPhone with Citrix Receiver version older than 5.6+” if you Citrix receiver is older than version 5.6+

Introduction of Challenge response in Citrix Receiver 5.6.0 for iDevices, eliminated the need for the SMS PASSCODE App.

To configure the Citrix Receiver, please open it, navigate to settings, and choose Accounts from the menu.

(10)

To add an account please click on the + sign.

Now enter the URL of your Citrix Access Gateway Enterprise Edition / Netscaler, and click on Next.

(11)

Fill in the information; leave Security Token as OFF, and save the configuration.

Now you are ready to use your Citrix Receiver. Your experience should look like this (This window will show if the password has not been saved or if it is not allowed to store the password).

(12)

You should now receive your One Time Passcode, and enter this. If the code correctly entered, you click OK, and you will gain access.

(13)

About SMS PASSCODE®

SMS PASSCODE is the leading technology in two- and multi-factor authentication using your mobile phone. To protect against the rise in internet based identity theft hitting both consumers and corporate employees, SMS PASSCODE offers a stronger authentication via the mobile phone SMS service compared to traditional alternatives. SMS PASSCODE installs in minutes and is much easier to implement and administer with the added benefit that users find it an intuitively smart way to gain better protection. The solution offers out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, VMware View, Juniper and other IPsec and SSL VPN systems as well as web sites. Installed at thousands of sites, this is a proven patent pending technology. In the last years, SMS PASSCODE has been named to the Gartner Group Magic Quadrant on User Authentication, awarded twice to the prestigious Red Herring 100 most interesting tech companies list, a Secure Computing Magazine Top 5 Security Innovator, InfoSecurity Guide Best two-factor authentication, a Citrix Solution of the Year Finalist, White Bull top 30 EMEA companies, a Gazelle 2010, 2011, 2012 and 2013 Fast Growth firm and a ComOn most promising IT company Award. For more information visit: www.smspasscode.com or our blog at blog.smspasscode.com.

Configure iPad/iPhone for Web Interface

To authenticate over the web interface with Citrix receiver for iPad requires:

Citrix Receiver for iPad version 4.2 or newer

Citrix Web Interface version 5.4 or newer

When you authenticate with Citrix Receiver for iPad over the web interface the SMS PASSCODE

References

Download now ( PDF - 13 Page - 1.59 MB )

Related documents

National Policy on Biofuels

5.23 In regard to Research and Development in the area of biofuels, a Sub- committee under the Biofuel Steering Committee proposed in this Policy comprising Department

CHAPTER 3: ENTERPRISE SYSTEMS ARCHITECTURE

When an organization has made the commitment to implement an ERP system, managers must keep a few things in mind: As the foundation of a successful ERP implementation, proper

Using a Web Service Dispatcher with SMS PASSCODE version 7.2 SMS PASSCODE 2014

IF you click set dispatcher, it will modify settings so you can use the Generic Web Service Dispatcher without modifying your settings.. This is preferred after

APPLE & BUSINESS. ios ENTERPRISE SECURITY ENTERPRISE NEEDS CONFIGURATION PROFILES

• if there is no existing passcode or the existing one is not complex enough then the user is asked to set a new passcode (how does the policy know? I would have thought the

Coloring and constructing (hyper)graphs with restrictions

For 3-uniform hypergraphs, every possible such edge exchange can be represented by a triangulation of a surface whose dual is bipartite (say the faces are colored red/blue):

Sustainability: Green hotels

This article focuses on impact areas most closely linked with the hotel building itself namely, the energy, water, and waste associated with construction and

OKLAHOMA SPACE INDUSTRY DEVELOPMENT AUTHORITY

The goal of this business plan study and development is to make a comprehensive analysis to determine the potential high payoff ventures and the realistic opportunities in aviation

An Intraday Analysis of the Market Efficiency-liquidity Relationship: The Case of BVB Stock Exchange

Consequently, the regression in which the individual effects are part of the error term shows a direct and significant relationship between efficiency and liquidity hence