0

At our company we have XenApps accessible through Citrix Access Gateway. I am looking through the settings and i can see under the Web Interface settings that the authentication point is set to be "at gateway", which means that authentication is worked out at Citrix Access Gateway, before it reaches Citrix Web Interface.

We are thinking about implementing two-factor authentication using SMSPASSCODE, and that is undoubtedly easiest to setup when authentication on Citrix Web Interface is NOT at the CAG.

So my question will be: If i change authentication from Access Gateway to the Citrix Web Interface will i compromise the security?

enter image description here

Greg Askew
  • 34,339
  • 3
  • 52
  • 81
dhojgaard
  • 109
  • 1
  • 6

1 Answers1

1

I think you're misunderstanding that option. If you want to authenticate at the Web Interface, you'll need to point people directly to it and open all of the relevant ports.

So, yes. You will be compromising your security because you'll no longer be tunneling sessions and authentication through the CAG.

Perhaps this page will give you some direction:

http://support.nordicedge.com/step-by-step-guide-to-implement-sms-authentication-to-citrix-access-gateway-enterprise-edition/

Dan
  • 15,280
  • 1
  • 35
  • 67