NetScaler Unified Gateway is a Single Sign-On and an SSL VPN solution. It provides consolidation of all remote access solutions and allows an end-to-end SSO across all applications. With SSO across applications that are in the datacenter, cloud, or delivered as SaaS, NetScaler Unified Gateway is a complete solution that helps improve security and user experience, simplify management, and reduce costs.
With NetScaler version 12.0.51.24, we are further enhancing the value with NetScaler Unified Gateway. Not only do we allow consolidating point products for remote access and SSO, but also any third party solution that provides a one-time password (OTP).
Time-based One-Time Passwords (OTP) are a way of authenticating users. It is called One-Time Password, since the password code changes each time. OTPs have transformed from being a hardware-based authentication device, to software based applications that can be installed on your smartphones. For implementing an OTP, customers need an OTP generator and an OTP validator. The OTP generator is what users have that displays the password, whilst validator is the one that verifies the one-time password generated by the user token. NetScaler Unified Gateway can now act as a validating server for OTP thus avoiding a need for an external third party server, thereby simplifying the network and helping reduce cost. By using Google Authenticator mobile application on your iOS and Android phones or Windows Authenticator on Windows phones as OTP generators, you can use OTP as your multi-factor authentication schema at no extra cost.
About NetScaler OTP
NetScaler OTP has two interfaces; management interface, and a user interface.
Management interface is used to enroll a device that has “Google Authenticator” application installed. The registration or the management URL can be restricted to intranet OR it can be part of the login workflow, wherein users are directed to this URL automatically and as a self-service can enroll/unenroll/update/test OTP devices.
NetScaler OTP Management Workflow
- First time login: Users are asked to provide just username and password as a first step. This would allow user enrolling their OTP devices.
- Once the users are authenticated, they will be directed to the device enrollment page. This workflow can be designed within NetScaler. Once the users are redirected to this page, they can enroll their OTP device following the wizard.
- Once the user name their device, they will be shows a QR code. Users will need to scan the QR code using their google authenticator application. Once the scan is successful, device is enrolled and users can use it for their OTP authentication.
- Users can select to test their device, once the QR scan is successful.
NetScaler OTP: User Login Workflow
- Once the device is successfully enrolled and tested, users can login using their one-time password application. Depending on the authentication mechanisms selected, users will be asked to enter their credentials. The second factor of authentication, in this case, is an OTP. Users then enter the digits shows on their OTP applications.
- Once successfully authenticated, users will get access to the NetScaler Unified Gateway portal page from where they can select their access method.
For a demo of how it works, watch the video below.
Please note: Users will have to download the Google Authenticator app from either the Apple App Store or Android Play Store.
When a user logs in for the first time, will need to register their iOS or Android devices by scanning a bar code. They will be asked to enter their username and password and then will follow steps to enroll their OTP generator device. Once a device is added, users can now start using them for generating OTPs to authenticate themselves.
NetScaler Unified Gateway also works with any third party OTPs like Symantec VIP, RSA SecureID etc., if you are currently using one already.
For more information on our offering, please visit www.citrix.com/gateway