To add Duo two-factor authentication to your Citrix Gateway with nFactor you’ll configure the Duo Authentication Proxy as a secondary RADIUS authentication server. Primary authentication happens directly between the Citrix Gateway and your Active Directory, LDAP, or other identity store, which enables additional features such as AD password resets.
Before starting, make sure that Duo is compatible with your Citrix Gateway device. Log on to your Citrix Gateway via the web interface and verify that your Citrix Gateway firmware is version 12.1-51.16 or later and your Citrix Receiver or Citrix Workspace clients support 12.1 or later.
Also verify that your Citrix Gateway is licensed for Advanced Authentication Policy. As of Citrix Gateway release 13.0-67.x, the “Standard” license also includes nFactor for Gateway/VPN, while Citrix ADC requires an “Advanced” or “Premium” license to use nFactor.
Duo Authentication for Remote Desktop Gateway adds two-factor authentication to your RemoteApp Access logons, and blocks any connections to your Remote Desktop Gateway server(s) from users who have not completed two-factor authentication when all connection requests are proxied through a Remote Desktop Gateway. Users automatically receive a 2FA prompt in the form of a push request in Duo Mobile or a phone call when logging in.
Duo integrates with Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts. Duo Authentication for Windows Logon add Duo two-factor authentication to Windows desktop and server logins, both at the local console and incoming Remote Desktop (RDP) connections.
Today, I am going to how to step by step configure them.