Some days ago, I have implemented one-time passwords (OTP) for NetScaler Gateway for one of my customers. This feature was added with NetScaler 12, and it’s a great way to secure NetScaler Gateway with a native NetScaler feature. Native OTP does not need any third party servers. But you need a NetScaler Enterprise license, because nFactor Authentication is a requirement.
To setup NetScaler native OTP, I followed the availbe guides on the internet.
- NetScaler Gateway 12 Native One Time Passwords (OTP) by Carl Stalhood
- NetScaler native OTP by George Spiers
- Native OTP Support by Citrix
The setup is pretty straightforward. But I used the AD extensionAttribute15 instead of userParameters, because my customer already used userParameters for something else. Because of this, I had to change the search filter from userParameters>=#@ to extensionAttribute15>=#@ .