NetScaler Latest Firmware GUI Bug with SAML Configuration


As I am currently working on an Azure Citrix Cloud project, I need to configure Azure MFA as well on the NetScaler.

I found this interesting article from Rene Bigler (@dready73):

Multi-factor Authentication for Citrix XenDesktop / NetScaler against Azure AD

However, I had issues configuring my NetScaler.

In fact, on Azure with the Citrix template, the latest firmware is deployed, which is currently NS12.1 48.13nc.

With this version, when you try to add a SAML authentication server, it does not work and gives you the following error:

I tried with an older firmware and it worked fine, so I imagine this is a bug in the GUI.

To get the configuration done, I did it through the CLI.

Here are the needed command lines:

add authentication samlAction <Authentication> -samlIdPCertName <Azure_SAML_cert> -samlSigningCertName ns-server-certificate -samlRedirectUrl "https://login.microsoftonline.com/###/saml2" -samlIssuerName "https://netscaler.domain.com" -signatureAlg RSA-SHA256 -digestMethod SHA256 -logoutURL "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"

add authentication samlPolicy <Policy-name> ns_true <Authentication>

You will need to replace the values shown in red in the above commands with your own information.

Just run those 2 command lines and save your configuration.
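A pre-flight check for the samlAction line before it is pasted into the CLI, as an added example that is not part of the original post: it flags curly quotes picked up from a web page, placeholders that were never replaced, non-HTTPS URLs and SHA-1 algorithms. The function name, the sample tenant ID, host and certificate names are constructed, and it assumes every parameter is a `-flag value` pair with flag names compared case-insensitively.

```python
import shlex
from urllib.parse import urlparse

URL_PARAMS = ["-samlredirecturl", "-samlissuername", "-logouturl"]
EXPECTED = URL_PARAMS + ["-samlidpcertname", "-samlsigningcertname", "-signaturealg", "-digestmethod"]
CURLY = "\u201c\u201d"  # typographic double quotes a web page may substitute

def check_saml_action(line):
    """Return a list of problems found in one 'add authentication samlAction' line."""
    problems = []
    if any(c in line for c in CURLY):
        problems.append("curly quotes: retype as plain double quotes")
        line = line.translate({ord(c): '"' for c in CURLY})
    try:
        tokens = shlex.split(line)
    except ValueError as exc:
        return problems + [f"unbalanced quoting: {exc}"]
    if [t.lower() for t in tokens[:3]] != ["add", "authentication", "samlaction"] or len(tokens) < 4:
        return problems + ["not an 'add authentication samlAction <name>' command"]
    args = tokens[4:]
    # Assumption: every parameter is a '-flag value' pair, as in the page's command.
    params = {k.lower(): v for k, v in zip(args[0::2], args[1::2])}
    for flag in EXPECTED:  # the parameters the page's command sets
        if flag not in params:
            problems.append(f"missing {flag}")
    for label, value in [("name", tokens[3])] + list(params.items()):
        if "###" in value or (value.startswith("<") and value.endswith(">")):
            problems.append(f"placeholder left in {label}: {value}")
    for flag in URL_PARAMS:
        url = urlparse(params.get(flag, ""))
        if flag in params and (url.scheme != "https" or not url.hostname):
            problems.append(f"{flag} is not an https URL")
    for flag in ("-signaturealg", "-digestmethod"):
        if "SHA1" in params.get(flag, "").upper():
            problems.append(f"{flag} uses SHA-1; the page uses SHA-256")
    return problems

# Constructed sample lines (tenant ID, host and certificate names are made up).
GOOD = ('add authentication samlAction AzureSAML -samlIdPCertName azure_idp '
        '-samlSigningCertName ns-server-certificate -samlRedirectUrl '
        '"https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2" '
        '-samlIssuerName "https://netscaler.example.com" -signatureAlg RSA-SHA256 -digestMethod SHA256 '
        '-logoutURL "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"')
BAD = ('add authentication samlAction <Authentication> -samlIdPCertName azure_idp '
       '-samlRedirectUrl \u201chttps://login.microsoftonline.com/###/saml2\u201d '
       '-signatureAlg RSA-SHA1 -digestMethod SHA256')

if __name__ == "__main__":
    print(check_saml_action(GOOD), check_saml_action(BAD), sep="\n")
```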