Complete all sections in the Create Authentication RADIUS Server dialog. Select Server Name or Server IP to define the server running the Okta RADIUS agent. You can verify the port number and secret key in the Okta RADIUS agent admin tool.
Expand the More (or Details) option. Set Password Encoding to pap. You can use the available group settings and attributes for Citrix permissions, as necessary.
Click OK to save the server definition.
From the RADIUS section, select the Policies tab.
Click Policies > Add.
Enter a name for the policy.
Select the new server definition from the Server dropdown list.
Enter ns_true as the Expression. This makes the policy active whenever it's bound to a VIP. If required, you can create more restrictive expressions to control when to apply the policy.
Select Virtual Servers under Citrix Gateway (Netscaler Gateway).
Select the virtual server where you want to bind your policy.
In the Authentication section, unbind any existing policies.
Go to the Authentication section of the VPN Virtual Server page. Click +.
Choose RADIUS from the Choose Policy dropdown list.
Choose Primary from the Choose Type dropdown list.
Choose your policy from the Select Policy dropdown list. Click OK.