Multi-Domain Citrix Gateway nFactor Authentication + FAS
Рет қаралды 6,524
Күн бұрын
@raydavis3697 Жыл бұрын
This is very good. Do more of these please. Thank you.
@yaaweehoo Жыл бұрын
This was great up until I needed to setup more than 32 authentication policies for all 192 of our domains in our CSP. Managed to come up with a work around using nFactor Flow decision blocks to extend past the 32 authentication policy limit per vServer, however the setup process is far from ideal. I read that there was an enhancement request to raise this a few years ago but nothing ever happened with it. Would love too see that change implemented! I cannot see a reason why the 32 authentication policy limit is in place.
@leeprior8520 4 жыл бұрын
Cool video, any way to pass the username to the IDP so the users don't have to enter twice?
@Daniel-fe6ch 3 жыл бұрын
Did you find answer to you question somewhere else? I have the same question, its not a nice solution when you get to enter your username twice..
@zhabokot Жыл бұрын
The Session Action with SSO On will allow Users to enter the credentials just once
@yaaweehoo Жыл бұрын
Doesn't support domain hint so it won't let you do that. To reduce confusion I've changed the login schema button from Logon to Next so users don't get the impression that they're signing in twice. You could use nFactor to path users directly to their SAML authentication policy as a work-around, keeping both the login page and a more direct route.
@IF-vg5ud 10 ай бұрын
@@yaaweehoo How did you configured this? How can you path users directly to their SAML authentication policy? Would be great to or extract the username from the intune device, or just redirect directly to the right page?
@yaaweehoo 10 ай бұрын
@@IF-vg5udto work around the 32 policy limit, I chained them together with another policy to be processed last with expression true and action noauthn, then I bolt on another authentication policy label with select next factor With this, you can have in theory, thousands of domains linked. I was also able to path in direct to the domain authentication policy using a nsc_tass cookie which is bound to the virtual server with a lower priority than the domain check. Hope that makes sense
@Deepakchaudhary45018 Жыл бұрын
Where is the FAS server configuration? it should have ben the part of this video. Which IDP we are using for the authentication ?
@yaaweehoo Жыл бұрын
Azure / Entra ID
Tech Guy
Рет қаралды 6 М.
Kate Brush
Рет қаралды 45 МЛН
c4rm0
Рет қаралды 2,6 М.