Citrix Netscaler Gateway Radius Configuration Guide


The Citrix NetScaler Gateway now integrates with Okta via RADIUS or SAML 2.0. Using the Okta RADIUS Agent allows authentication, including support for MFA, to happen directly at the NetScaler Gateway login page. For authentication, the agent translates RADIUS authentication requests from NetScaler into Okta API calls that authenticate the user. This guide explains how to configure Citrix NetScaler Gateway to use the Okta RADIUS Agent.

For integration with Okta via SAML 2.0, add the app from the OIN (Okta Integration Network) in Okta: navigate to Applications > Applications > Add Application, search for Citrix Netscaler (RADIUS), and then click Add Application.

This guide has been verified with the following NetScaler Gateway versions:

  • Version 10.5.x
  • Version 11.0.x
  • Version 11.1.x

The following Citrix clients have been validated:

  • Citrix Web Receiver
  • Citrix Windows \ Mac Receiver
  • Citrix iOS \ Android Receiver

Supported Okta Features

The following Okta features are supported:

  • Authentication with Okta Credentials via RADIUS
  • Authentication with Okta Credentials via SAML
  • Multi-factor authentication via RADIUS
  • Multi-factor authentication via SAML
  • Group memberships/attributes via RADIUS – NetScaler passes the username and password to StoreFront for AD group permissions