Security
2FA for Citrix NetScaler Gateway: When accessibility meets privacy
Two-factor authentication is a standard in most businesses where their infrastructures require users to authenticate with something they know beyond just a username and password. With Citrix 2fa and an authenticator app, users are required to provide two means of identification credentials for authentication. The most common example of authenticating with 2FA is the use of username and password credentials in combination with a bypass code, token, or personal identification number (PIN).
2FA can be implemented using RADIUS, which is the industry standard protocol for providing authentication and authorization. The RADIUS server matches data from the authentication request with information in a trusted database such as LDAP, or Active Directory. If the match is found and the credentials from the user are correct, the client is granted access to their corporate resources. Here’s an example of the authentication flow with Citrix 2fa and an authenticator app:
- A user attempts access with username / password
- The username / password is verified against an existing first factor directory (LDAP, Active Directory or RADIUS)
- A RADIUS authentication request is sent to the authenticator app RADIUS Connector
- An authentication request is made to the authenticator apps Cloud Services
- Secure push notification request sent to the user’s mobile or desktop device
- User response (approval or denial of request) sent to the authenticator apps Cloud Services
- The LoginTC RADIUS Connector polls until the user responds or a timeout is reached
- RADIUS Access-Accept sent back to Citrix NetScaler
- User is granted access to Citrix NetScaler
Two-factor authentication is one of the quickest and simplest ways to increase your security with a minimal amount of effort.
As an organization, you want to be implementing a 2FA solution that has an overall simple setup and doesn’t compromise privacy. Some 2FA methods are more easily accessible than others, but based on your business needs, whichever one you choose will bring your company protection with ease. Some simple 2FA methods are:
- Hardware tokens: This type of 2FA requires users to possess a type of physical token, such as a USB token, that they must insert in their device before logging on. Some hardware tokens display a digital code that users must enter.
- SMS and voice 2FA: You’ll receive either a text or voice message giving you a code that you must then enter to access a site or account.
- Biometrics: To log onto a site, you’ll first have to verify it’s you through something physical about yourself. Most commonly, this means using a fingerprint scanner.
These two-factor authentication methods provide an accessible user experience while also maximizing your privacy. You’ll never have to worry about two-factor authentication being difficult for your users. There is a common misconception that some people think that the easier a two-factor authentication solution is to implement, the less secure and private it is. But that’s not true. Users don’t want a product that maximizes security at the cost of usability. Infact, they prefer a product that is both easy to use and offers maximum security.
Think about it the next time you use your authenticator app with Citrix 2fa. Think about how easy the process of logging in to the Citrix connector with the authenticator app is. Then think about how secure you feel when you log in. Cybersecurity doesn’t have to be difficult. Everyone should be able to have a basic understanding of their authentication process and the security it provides. In today’s new generation of cybersecurity, the more accessible a 2FA solution, the more private and secure it is.
