Authentication and Authorization

Citrix Gateway employs a flexible authentication design that permits extensive customization of user authentication for Citrix Gateway. You can use industry-standard authentication servers and configure Citrix Gateway to authenticate users with the servers. Citrix Gateway also supports authentication based on attributes present in a client certificate. Citrix Gateway authentication is designed to accommodate simple authentication procedures that use a single source for user authentication, and more complex, cascaded authentication procedures that rely upon multiple authentication types.

Citrix Gateway authentication incorporates local authentication for the creation of local users and groups. This design centers around the use of policies to control the authentication procedures that you configure. The policies you create can be applied at Citrix Gateway global or virtual server levels and can be used to set authentication server parameters conditionally based on the user’s source network.

Because policies are bound either globally or to a virtual server, you can also assign priorities to your policies to create a cascade of multiple authentication servers as part of authentication.

Citrix Gateway includes support for the following authentication types.

• Local
• Lightweight Directory Access Protocol (LDAP)
• RADIUS
• SAML
• TACACS+
• Client certificate authentication (including smart card authentication)

Citrix Gateway also supports RSA SecurID, Gemalto Protiva, and SafeWord. You use a RADIUS server to configure these types of authentication.

While authentication allows users to log on to Citrix Gateway and connect to the internal network, authorization defines the resources within the secure network to which users have access. You configure authorization with LDAP and RADIUS policies.