Forum Discussion

Misty_Spillers_
Feb 05, 2015

Can you add 2 factor authentication to the Citrix iApp?

I used iApp template f5.citrix_vdi.v1.1. to create a and link to our Citrix environment. I have to apologize, I do not know all the Citrix terminology. In the iApp it asked if you want 2 factor, but when you select it only RSA is allowed. I have a RADIUS server I would need to point to.

 

I modified the access policy and pulled out the AD but put in the RADIUS, which worked but now Citrix prompts for a full AD login. I was wondering if I could modify this so the login page would have:

AD login
AD password
Token password

and be able to push all this information to the right spots to create a more seamless login?

 

Thanks in advance!

 

Misty

 

11 Replies

  • The process to achieve this should be very similar to that needed to implement two-factor using RSA SecurID. I recommend using the iApp to configure AD Auth, and to ensure it is running successfully. This will help with any troubleshooting.

     

    Once it is operational, you could insert RADIUS authentication. Set up the RADIUS AAA resource as needed for your environment, then in the VPE, add the RADIUS auth object before the AD Auth object. Continue as if you are configuring RSA.

     

    A step-by-step guide for implementing RSA AAA starts on page 54 of this guide, and specifically starts at step 14: http://www.f5.com/pdf/deployment-guides/citrix-vdi-iapp-dg.pdf

     

    Please reply back if you have any other questions.

     

  • I got it to work fine. We happened to be evaluating RSA at the time, so I just created an iApp using RSA, then swapped out the RSA for our RADIUS and it worked fine. The guide for me was a little confusing; it was much easier than I thought to set this up.

     

    The problem with RSA is you need a file off the RSA server to create the AAA server object. So, if you need more info and your set up is similar to mine, I can post details later if you would like.

     

  • Thank you for the quick reply!

     

    I would appreciate any more detail you would be able to provide. I will be setting this up soon, so I am glad that others have been successful getting Radius set up.

     

    I do not have RSA to set it up with that initially. I will try to create the iApp without 2FA then add 2FA via Radius after it is set up.

     

    If I run into any issues, I will post them here.

     

    Thanks again!!

     

  • This is what my access policy looks like. There might be other stuff buried, but this is a start.

     

    Under "Logon Page"

     

     

    Under "Variable Assign AD"

     

     

    Under "Variable Assign Domain" (Enter your domain in "Domain")

     

     

  • Do you have anybody logging in with Citrix Receiver? If so, did this take additional configuration?

     

    Also, is your Variable Assign AD set as "unsecure"?

     

    Thanks again!

     

  • To the first question, most people use the web site to log on, it will have all their apps and when they click on them it will call up Receiver. I don't think Citrix Receiver can log into it natively, but not 100% sure, it doesn't work with our setup. HOWEVER, mobile Citrix Receiver logs in just fine.

     

    Second question is yes, this is how the RSA set it up. I didn't change it, but I sure look in to exactly what that means :)

     

  • First: Thanks, mobile Citrix Receiver is mainly what we will need, initially at least. We will have a lot of users needing to use iPads with Citrix Receiver, so if that works, I'm happy.

     

    Second: The "secure" tag will encrypt that value.

     

    For instance, if you are entering an AD password (which it appears to be), you probably want that to be "secure" so it isn't visible in plain text. If your "Passcode" is a One-Time Passcode, you should be fine with leaving that "unsecure".

     

    Thanks again! I appreciate it!

     

    • Misty_Spillers
      I do know what "Secure" *should* do. I didn't even notice the setting until this conversation (which is a good thing) because the iApp, with RSA configured, set it up this way. So I should have said, I should look into why it is set this way by default and look to change it. :)