The NetScaler team is focused on delivering innovations that can help to transform how your admins manage your organization’s endpoints and how your employees work. That’s why we are excited to announce the general availability of NetScaler advanced authentication policy (nFactor) support for mobile application management (MAM) on the iOS and Android platforms, including Citrix Endpoint Management.

How NetScaler works for authentication

NetScaler Gateway (formerly Citrix Gateway) has been our flagship gatekeeper solution for Citrix Endpoint Management customers for many years, supporting MAM and secure access to native and web content. By leveraging nFactor, NetScaler customers can elevate the security posture for their iOS and Android enrollments with multi-factor authentication. Whether you want to fully manage mobile endpoints (MDM + MAM) or allow personal devices to access corporate applications and data (MAM only), nFactor delivers extra security validation.

For example, for personal devices, admins can configure and deploy Citrix Endpoint Management to use MAM-only enrollment with LDAP and a native one-time password (OTP), along with their preferred application authenticator (such as Google Authenticator, Microsoft Authenticator, and others). This helps to ensure their mobile users are real and reduces the chances of malicious attacks.

Get started

Getting started is easy. All you have to do is complete these items and meet these requirements:

1. Open a Technical Support case and provide the Org ID in your case to enable this feature.
2. Minimum requirement on NetScaler release 13.0 build 67 (newer builds recommended).
3. NetScaler nFactor is supported on both Citrix Endpoint Management (cloud hosted) and XenMobile Server (on-premises).
4. Ensure the latest version of Citrix Secure Hub is installed from Apple or Google Play
5. Follow these instructions for configuring NetScaler nFactor.
6. Ensure the authentication method from NetScaler and Citrix Endpoint Management matches. Citrix Endpoint Management supports the following authentication use cases with nFactor:
   1. Client certificate
   2. Client certificate + LDAP
   3. LDAP
   4. LDAP + OTP (One-time Password)

For more information on how to configure these use cases in Citrix Endpoint Management, check out our certificates and authentication product documentation.

Client certificate authentication use case: step-by-step instructions

The following scenario shows one of the nFactor authentication types supported with Citrix Endpoint Management: client certificate authentication.

In this scenario, authentication challenges delivered by nFactor are seamless to the end user, delivering a smooth experience to access corporate-managed or public applications.

Users enroll in Citrix Endpoint Management and submit their credentials.

Upon verification and MDM profile installation, the client certificate is delivered to the endpoint.

NetScaler Gateway challenges the endpoint with the client certificate. Seamlessly, the endpoint submits the client certificate to the NetScaler for authentication and authorization.

Upon validation, the endpoint is prompted to create a Citrix PIN.

Once the Citrix PIN is created, the endpoint can access the store which contains both MDX/MAM SDK and web/SaaS apps.

Learn more

Get more details in this article about NetScaler nFactor authentication.