• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Company · Blog · Newsletter · Events · Partner Program

Downloads      Support      Security     Admin Login
Rublon

Rublon

Secure Remote Access

  • Product
    • Regulatory Compliance
    • Use Cases
    • Rublon Reviews
    • Authentication Basics
    • What is MFA?
    • Importance of MFA
    • User Experience
    • Authentication Methods
    • Rublon Authenticator
    • Remembered Devices
    • Logs
    • Single Sign-On
    • Access Policies
    • Directory Sync
  • Solutions
    • MFA for Remote Desktop
    • MFA for Remote Access Software
    • MFA for Windows Logon
    • MFA for Linux
    • MFA for Active Directory
    • MFA for LDAP
    • MFA for RADIUS
    • MFA for SAML
    • MFA for RemoteApp
    • MFA for Workgroup Accounts
    • MFA for Entra ID
  • Customers
  • Industries
    • Financial Services
    • Investment Funds
    • Retail
    • Technology
    • Healthcare
    • Legal
    • Education
    • Government
  • Pricing
  • Docs
Contact Sales Free Trial

Multi-Factor Authentication (2FA/MFA) for Citrix Gateway

Multi-Factor (MFA) and Two-Factor Authentication (2FA) for Citrix Gateway

November 20, 2019 By Rublon Authors

Last updated on April 23, 2024

Overview of MFA for Citrix Gateway

Multi-Factor Authentication (MFA) for Citrix Gateway is an additional layer of security that requires users to provide two authentication factors to gain access to their accounts. The first factor involves the user entering their Active Directory / RADIUS username and password. Once the first factor is completed, a secondary authentication layer kicks in where users must choose from one of the available authentication methods, such as Mobile Push or Email Link. Upon successful completion of both factors, the user will have access to Citrix Gateway. Implementing Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) for Citrix Gateway allows for an added level of protection, ensuring that malicious actors are unable to gain access to sensitive information, even when they know the user’s login credentials.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push ✔ N/A
WebAuthn/U2F Security Key – N/A
Passcode ✔ N/A
SMS Passcode – N/A
SMS Link ✔ N/A
Phone Call ✔ N/A
QR Code – N/A
Email Link ✔ N/A
YubiKey OTP Security Key ✔ N/A

Demo Video of MFA for Citrix Gateway

Before your start

You need to install and configure Rublon Authentication Proxy itself before configuring Citrix Gateway to work with it. Please read the Rublon Authentication Proxy  documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Ensure that you have properly set up your authentication source, that is an external Identity Provider (IdP) like RADIUS, OpenLDAP or Microsoft Active Directory.

Configuration of MFA for Citrix Gateway

Prepare RADIUS Request Server

1. Log in to Netscaler.

2. Select the Configuration tab

3. Go to Citrix Gateway → Policies → Authentication → RADIUS in the menu on the left.

4. Switch to the Servers tab.

5. Click the Add button.

6. Fill in the Create Authentication RADIUS Server form. Refer to the following image and table.

NameEnter the name of your new Authentication RADIUS Server. This name cannot be changed after the server has been created.
Server Name / IP AddressEnter the FQDN of your RAP server if you chose Server Name, or the IP of your RAP server if you chose Server IP.
PortEnter the port of your RAP server.
Secret KeyEnter the RAP server Secret.
Confirm Secret KeyReenter the RAP server Secret.
Time-outSet to 90s.

7. Click More.

8. Check Send Calling Station ID.

9. You can test your configuration using Test RADIUS Reachability.

10. Click Create to finish creating your new Authentication RADIUS server.

Prepare RADIUS Policy

1. Select the Configuration tab.

2. Go to Citrix Gateway → Policies → Authentication → RADIUS in the menu on the left.

3. Switch to the Policies tab.

4. Click the Add button.

5. Enter the Name for your RADIUS authentication policy, e.g. rap.example.com

6. Select the previously created request server in Server* 

7. Set Expression* to ns_true

Prepare users

1. Select the Configuration tab.

2. Go to Citrix Gateway → User Administration → AAA Users.

3. Click the Add button.

4. Enter the User name.

5. Check External Authentication.

6. Click OK to create the user.

7. Click Done to get back to the userlist.

Note

If you would like to change the way of authenticating an existing user, check the user, and click the Edit button. Next, click the pen icon on the right to open the AAA User form.

Modify login method in Virtual Server

1. Select the Configuration tab

2. Go to Citrix Gateway →  Virtual Servers.

3. Select an existing Virtual Server or create a new one.

4. Select the Virtual Server of your choice and click Edit.

5. Click + in the Basic Authentication section.

6. Set Choose Policy to RADIUS.

7. Set Choose Type to Primary.

8. Click Continue.

9. Navigate to the Policy Binding section. Select the policy you have created before by clicking Click to select under Select Policy*.

10. Check the previously created SAML server. Click Select.

11. Set Binding Details Priority to 100.

12. Click Bind.

Note

If you have a Local Policy defined in the Basic Authentication section, click on it. Check the binding, and click the Unbind button at the top.

13. Your configuration is complete. You can use Rublon 2FA while logging in to Citrix Gateway.

Log in to Citrix Gateway using MFA for Citrix Gateway

1. Provide your login and password, and click Log On.

2. Check your mailbox for an email from Rublon. Open the email, and click Sign In.

3. You will be successfully logged in to Citrix Gateway.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Access Gateway

Rublon Authentication Proxy – Integrations

Filed Under: Documentation

Primary Sidebar

Contents

  • Overview of MFA for Citrix Gateway
  • Supported Authentication Methods
  • Demo Video of MFA for Citrix Gateway
  • Before your start
  • Configuration of MFA for Citrix Gateway
    • Prepare RADIUS Request Server
    • Prepare RADIUS Policy
    • Prepare users
    • Modify login method in Virtual Server
  • Log in to Citrix Gateway using MFA for Citrix Gateway
  • Troubleshooting
  • Related Posts
Try Rublon for Free
Start your 30-day Rublon Trial to secure your employees using multi-factor authentication.
No Credit Card Required


Footer

Product

  • Regulatory Compliance
  • Use Cases
  • Rublon Reviews
  • Authentication Basics
  • What is MFA?
  • Importance of MFA
  • User Experience
  • Authentication Methods
  • Rublon Authenticator
  • Remembered Devices
  • Logs
  • Single Sign-On
  • Access Policies
  • Directory Sync

Solutions

  • MFA for Remote Desktop
  • MFA for Windows Logon
  • MFA for Remote Access Software
  • MFA for Linux
  • MFA for Active Directory
  • MFA for LDAP
  • MFA for RADIUS
  • MFA for SAML
  • MFA for RemoteApp
  • MFA for Workgroup Accounts
  • MFA for Entra ID

Industries

  • Financial Services
  • Investment Funds
  • Retail
  • Technology
  • Healthcare
  • Legal
  • Education
  • Government

Documentation

  • 2FA for Windows & RDP
  • 2FA for RDS
  • 2FA for RD Gateway
  • 2FA for RD Web Access
  • 2FA for SSH
  • 2FA for OpenVPN
  • 2FA for SonicWall VPN
  • 2FA for Cisco VPN
  • 2FA for Office 365

Support

  • Knowledge Base
  • FAQ
  • System Status

About

  • About Us
  • Blog
  • Events
  • Co-funded by the European Union
  • Contact Us

  • Facebook
  • GitHub
  • LinkedIn
  • Twitter
  • YouTube

© 2025 Rublon · Imprint · Legal & Privacy · Security

  • English