Citrix Gateway Radius Configuration Guide

The Citrix Gateway now integrates with Okta via RADIUS or SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. 2.0. Using the Okta RADIUS AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. allows for authentication, including support for MFA to happen directly at the Citrix Gateway login page. For authentication, the agent translates RADIUS authentication requests from Citrix Gateway into Okta API calls that provide for user authentication. This guide explains how to configure Citrix Gateway to use the Okta RADIUS Agent.

This guide details how to configure Citrix Gateway to use the Okta RADIUS Server Agent.

If you want to integrate with Okta via SAML 2.0, add the Citrix Gateway SAML appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. in Okta by navigating to the Applications tab, select Applications > Add Application, search for Citrix Gateway, then click Add.

This guide has been verified with the following Citrix Gateway versions:

  • Version 10.5.x
  • Version 11.x
  • Version 12.x
  • Version 13.0.x

The following Citrix clients have been validated:

  • Citrix Web Receiver
  • Citrix Windows \ Mac Receiver
  • Citrix iOS \ Android Receiver

Supported Okta Features

The following Okta features are supported: