To configure a Citrix Access Gateway to use Defender as its authentication mechanism, take the following steps:
1. Configure a Citrix Access Gateway in Defender.
2. Define a shared secret.
3. Enable RADIUS authentication.
4. Select the appropriate authentication option.
Each of these steps is described in detail below.
Step 1: Configure a Citrix Access Gateway in Defender
The Citrix Access Gateway must be defined as an Access Node in the Defender configuration.
The Access Node is the point in your network where the user is prompted to enter log-on credentials (such as a user ID, password, or token authentication information) to verify his or her identity. The Access Node sends the user's log-on credentials to the Defender Security Server (DSS) for authentication. If authentication is successful, the user is granted access to the network.
For information on how to define an Access Node, refer to Knowledge Article 45588, "Defender Access Node Configuration".
Step 2: Define a Shared Secret
Communication between the Citrix Access Gateway and Defender is secured by means of a shared secret - a piece of information known only to the Defender Security Server and the Access Node. When the Access Node attempts to establish a connection with the Defender Security Server, the shared secret enables the Security Server to identify the Access Node as a trusted partner.
For information on how to define a shared secret in Defender, refer to Knowledge Article 45588, "Defender Access Node Configuration".
Citrix Access Gateway
To define the shared secret in the Citrix Access Gateway, use the Citrix Service Configuration tool and take the following steps:
1. Check the Enable use of RADIUS shared secret checkbox.
2. Type a shared secret in the dialog box.
You may also refer the Citrix documentation for additional information related to your specific model and version.
Step 3: Enable RADIUS Authentication
The Citrix Access Gateway authentication uses the RADIUS protocol to communicate with the Defender Security Server.
Using the MetaFrame Access Suite Console, take the following steps:
1. Right click on Access Server Farm and select Edit Farm Properties.
2. Select the Advanced Authentication tab and add a new RADIUS Server.
Step 4: Select the Authentication Option
Finally, you must select the appropriate authentication option for the Citrix Access Gateway to authenticate to Defender.
When you create log-on endpoints, select Advanced Authentication on the Authentication Strength page.
Please refer to the Citrix documentation for additional steps on configuring for Radius.