Configure the Citrix Gateway

Before you begin

  • Ensure that you have the common UDP port and secret key values available.
  • Ensure that you've configured a Gateway VIP in accordance with its respective documentation.

Configure the Citrix Gateway

  1. Log in to the Citrix Gateway admin interface with admin rights.
  2. Select the Configuration tab.
  3. Select Citrix GatewayPoliciesAuthenticationRADIUS.
  4. Select the Servers tab.
  5. Click Add.
  6. Complete all sections in the Create Authentication RADIUS Server dialog. Select Server Name or Server IP to define the server running the Okta RADIUS agent. You can verify the port number and secret key in the Okta RADIUS agent admin tool.
  7. Expand the More (or Details) option. Set Password Encoding to pap. You can use the available group settings and attributes for Citrix permissions, as necessary.
  8. Click OK to save the server definition.
  9. From the RADIUS section, select the Policies tab.
  10. Click PoliciesAdd.
  11. Enter a name for the policy.
  12. Select the new server definition from the Server dropdown list.
  13. Enter ns_true as the Expression. This makes the policy active whenever it's bound to a VIP. If required, you can create more restrictive expressions to control when to apply the policy.
  14. Select Virtual Servers under Citrix Gateway (Netscaler Gateway).
  15. Select the virtual server where you want to bind your policy.
  16. Click Edit.
  17. In the Authentication section, unbind any existing policies.
  18. Go to the Authentication section of the VPN Virtual Server page. Click +.
  19. Choose RADIUS from the Choose Policy dropdown list.
  20. Choose Primary from the Choose Type dropdown list.
  21. Click Continue.
  22. Choose your policy from the Select Policy dropdown list. Click OK.
  23. Set Priority to 10. Click Bind.
  24. Click Done.