Configure optional settings

The Citrix Gateway doesn't receive groups using the standard Attribute Value Pairs (AVP) of 11 (Filter-Id) and 25 (Class). Instead, it relies on Vendor Specific Attributes.

Before you begin

    Ensure that you have the common UDP port and secret key values available.

Configure vendor-specific attributes

To configure the app to send RADIUS group information in vendor-specific attributes, complete the following steps:

  1. In the Admin Console, go to Applications > Applications.
  2. Find the application using the Search field and then click its name in the search results.
  3. Select the Sign on tab.
  4. Scroll to the Advanced RADIUS Settings section and then click Edit.
  5. In the Groups Response section, complete the following options:
    1. Select Include groups in RADIUS response.
    2. In the RADIUS attribute subsection, select 26-Vendor specific.
    3. In the Vendor Specific ID field, enter the numeric vendor ID code for your product:
      • Cisco ASA-Group-Policy: 3076
      • Citrix Group-Names: 3845
      • Fortinet Group-Name: 12356
      • Palo Alto User-Group: 25461

      If your vendor-specific ID doesn’t appear here, search for it in the documentation for your product.

    4. In the Attribute ID field, enter the numeric attribute ID for your product:
      • Cisco ASA-Group-Policy: 25
      • Citrix Group-Names: 16
      • Fortinet Group-Name: 1
      • Palo Alto User-Group: 5

      If your attribute ID doesn’t appear here, search for the group policy attribute in the documentation for your product.

  6. Click Save.

The maximum length of the group membership value is 247 bytes. If the group name length exceeds this limit, it’s truncated and partial values are returned. Configure the response as a set of repeated attributes instead of using a single delimited list.
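
To check what the gateway receives, the following added example (not code from the product or its vendor) encodes groups as repeated vendor-specific attributes in the RFC 2865 layout and decodes them again. The function names and sample group names are made up for illustration, and one sub-attribute per attribute 26 is an assumption; in this layout the space left for the value is 247 bytes.

```python
import struct

VSA_TYPE = 26        # RADIUS attribute 26, Vendor-Specific (RFC 2865)
# Length is one octet (max 255); Type+Length (2), Vendor-Id (4) and the
# sub-attribute's own type+length (2) leave 247 bytes for the value.
MAX_VALUE_LEN = 255 - 2 - 4 - 2

def encode_group_vsas(vendor_id, attr_id, groups):
    """Build one Vendor-Specific attribute per group (repeated attributes)."""
    out = b""
    for name in groups:
        value = name.encode("utf-8")
        if len(value) > MAX_VALUE_LEN:
            # Refuse instead of truncating: a partial name may match nothing,
            # or the wrong policy, on the receiving gateway.
            raise ValueError(f"group is {len(value)} bytes, limit {MAX_VALUE_LEN}")
        sub = struct.pack("!BB", attr_id, 2 + len(value)) + value
        out += struct.pack("!BBI", VSA_TYPE, 6 + len(sub), vendor_id) + sub
    return out

def decode_group_vsas(data, vendor_id, attr_id):
    """Return the group values carried for one vendor ID / attribute ID pair."""
    groups, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute length")
        atype, end = data[pos], pos + data[pos + 1]
        body, pos = data[pos + 2:end], end
        if atype != VSA_TYPE or len(body) < 6:
            continue                      # not a usable Vendor-Specific attribute
        if struct.unpack("!I", body[:4])[0] != vendor_id:
            continue                      # another vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            stype, slen = sub[i], sub[i + 1]
            if slen < 2 or i + slen > len(sub):
                raise ValueError("malformed sub-attribute length")
            if stype == attr_id:
                groups.append(sub[i + 2:i + slen].decode("utf-8"))
            i += slen
    return groups

# Constructed sample: Citrix values from the lists above, made-up group names.
SAMPLE_GROUPS = ["vpn-users", "netops"]
SAMPLE_WIRE = encode_group_vsas(3845, 16, SAMPLE_GROUPS)
```

Running the decoder over the attribute bytes from a captured Access-Accept shows whether each group arrived as its own attribute and whether any value was cut short.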