Integrating push notification for Citrix NetScaler OTP (ManageOTP schema)

Create a client at Citrix Cloud

  1. Create a Citrix Cloud company account or join an existing one.
  2. Log in to https://citrix.cloud.com
  3. From Menu, select Identity and Access Management and then navigate to the API Access tab to create a client for the account.
  4. Name your client and click Create Client.
  5. A pop-up shows the new client's details.
  6. Copy the details and store them. Remember that you can't retrieve the client secret again, although the client ID is always visible in the grid. The customer ID is shown at the top of the grid; note that down too.
You can use the same credentials in multiple environments. You also need to make sure that your appliance can connect to mfa.cloud.com and trust.citrixworkspacesapi.net without any issues.

Now log in to your NetScaler Management GUI and follow the steps below.

Create a push service

  1. Navigate to Security > AAA-Application Traffic > Policies > Authentication > Advanced Policies > Actions > Push Service and click Add.
  2. Name it and enter the details you obtained in the previous step.
  3. Click Create.
  4. Check the status and refresh until it changes to COMPLETE.
If the status doesn't change within a few minutes, there is probably a problem in your configuration or your DNS settings. Check them and make sure you can ping mfa.cloud.com and trust.citrixworkspacesapi.net from your NetScaler console.
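The connectivity requirement above as a scripted check (an added example, not from the original post or from Citrix): it tests name resolution for both hosts and, assuming the service is reached over HTTPS on port 443, a verified TLS handshake to each. It also assumes `openssl` and either `getent` or `host` are available on the machine you run it from.

```shell
#!/bin/sh
# Added example, not from the original post. Port 443 is an assumption.
ENDPOINTS="mfa.cloud.com trust.citrixworkspacesapi.net"
PORT=443

# check_dns HOST: 0 if the name resolves, 2 on empty argument, 3 if no resolver tool.
check_dns() {
    [ -n "${1:-}" ] || return 2
    if command -v getent >/dev/null 2>&1; then
        getent hosts "$1" >/dev/null 2>&1
    elif command -v host >/dev/null 2>&1; then
        host "$1" >/dev/null 2>&1
    else
        return 3
    fi
}

# check_tls HOST PORT: 0 only if TCP connects, the TLS handshake completes and the
# certificate chain verifies against the local CA store. 2 = bad arguments,
# 3 = openssl missing, anything else = connection or verification failure.
check_tls() {
    [ -n "${1:-}" ] && [ -n "${2:-}" ] || return 2
    command -v openssl >/dev/null 2>&1 || return 3
    wrap=""
    if command -v timeout >/dev/null 2>&1; then wrap="timeout 15"; fi
    $wrap openssl s_client -connect "$1:$2" -servername "$1" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# preflight: one line per endpoint; return value is the number of failing endpoints.
preflight() {
    failed=0
    for h in $ENDPOINTS; do
        if ! check_dns "$h"; then
            echo "FAIL $h: name does not resolve (check the DNS name servers)"
            failed=$((failed + 1))
        elif ! check_tls "$h" "$PORT"; then
            echo "FAIL $h:$PORT: resolves, but TCP connect or TLS verification failed"
            failed=$((failed + 1))
        else
            echo "OK   $h:$PORT"
        fi
    done
    return "$failed"
}

# Run the checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A DNS failure points at the name servers configured for the appliance; a TLS failure with working DNS usually means a firewall block, a missing CA bundle on the checking host, or TLS inspection on the egress path.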

Configure your OTP Schema

It is assumed that you have already configured the ManageOTP page using an nFactor flow and all necessary policies. If not, follow our previous tutorial, Setting up ManageOTP nfactor authentication schema with NetScaler 14.1.

  1. Go and edit your nFactor Flow. (AAA Application Traffic >> nFactor Visualizer >> nFactor Flows)
  2. Click on the schema under OTP Authentication factor.
  3. Click Edit.
  4. Click the pencil icon to edit.
  5. Change the schema to DualAuthOrPush.xml.
  6. Click Select and then click OK.

That's all; we are done with the push integration for the OTP page. Let's verify that it works properly.

  1. Now go to your manageOTP page (https://yourdomain.com/manageotp).
  2. Click Add a New Device. Name it and Click OK.
  3. You should see a QR code, which means your integration is good.
  4. You can download the Citrix SSO app on your devices to begin using the OTP push method.