This is part 2 of the nFactor setup. It outlines how to set up the AAA-TM server and the Authentication Profile that you need in order to implement the nFactor flow you created in part 1. Link to Part 1 below.
Part 1: https://xenapplepie.com/2022/03/13/how-to-create-the-wow-nfactor/
This section outlines setting up the AAA-TM server to replace basic authentication on Citrix Gateway. If you want to make this accessible to things other than just Citrix Gateway, you will need an IP address, a certificate, and a DNS entry to point to said IP address. If you want to ONLY use it for Citrix Gateway, there is an option under the configuration for IP Address Type to select “Non Addressable.” In this example, an IP address will be used.
Log in to your Citrix ADC and navigate to Security > AAA – Application Traffic > Authentication Virtual Servers. Select “Add.”
You can do two different assignments with this setting. Under “IP Address Type,” you can select “Non Addressable” if you wish to use it only for Citrix Gateway.
Enter “Name.”
Select “IP Address Type” as “IP Address.”
Enter IP address.
Click “OK.”
Click on “No Server Certificate.”
Select the certificate you wish to bind to the AAA-TM server.
Click “Select.”
Select “Bind.”
Select “Bind.”
Select “Continue.”
Click “nFactor Flow.”
Click “Add Binding.”
Select the nFactor flow you created previously and click “Select.”
Enter “true” for the “Expression.”
Click “Bind.”
In the upper-right, select “Portal Themes.”
Select “Add.”
Here you can change the look of the theme. Accepting the defaults, click “OK.”
Click “Done.”
Click “OK.”
Click “Done.”
This completes the setup of the AAA-TM vserver. The next step is to create the Authentication Profile that will be used on Citrix Gateway to utilize the AAA-TM vserver.
Navigate to Security > AAA – Application Traffic > Authentication Profile.
Select “Add.”
Enter “Name” for the profile.
In the drop down for “Authentication Virtual Server,” select the AAA-TM server you created.
Click “Select.”
Click “Create.”
All the pieces have been created. Now apply them to the Citrix Gateway vserver.
Navigate to Citrix Gateway > Citrix Gateway Virtual Servers.
Select the one you wish to edit and select “Edit.”
In the upper-right, select “Authentication Profile.”
Select the authentication profile you created earlier and select “OK.”
If you have any policies under “Basic Authentication,” you will need to click the pencil icon and unbind all the policies you have bound there.
Click “OK.”
Click “Done” at the bottom.
Citrix Gateway vserver is now using the Advanced Authentication with nFactor!
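To confirm the end state of these steps from a saved configuration, the following added example (not part of the original walkthrough, and not Citrix code) reads ns.conf text and reports any Citrix Gateway vserver that has no authentication profile, whose profile points at a missing authentication vserver, or that still has classic authentication policies bound. The object names and addresses in the sample are constructed, and the parser assumes the usual `add`/`set`/`bind` line forms with ordinary quoting.

```python
import shlex

# Classic ("Basic Authentication") policy types, as in "add authentication ldapPolicy ...".
CLASSIC_KINDS = {"ldappolicy", "radiuspolicy", "localpolicy", "certpolicy",
                 "tacacspolicy", "negotiatepolicy", "samlpolicy", "webauthpolicy"}

def opt(tokens, flag):
    """Value following a lowercase -flag on a config line, or None."""
    lowered = [t.lower() for t in tokens]
    return tokens[lowered.index(flag) + 1] if flag in lowered[:-1] else None

def audit_gateway_auth(ns_conf):
    """Return {gateway vserver: [findings]}; an empty list means clean."""
    classic, auth_vs, profiles, gateways, bound = set(), set(), {}, {}, []
    lines = [t for t in map(shlex.split, ns_conf.splitlines()) if len(t) >= 4]
    for tok in lines:
        (verb, group, kind), name = [t.lower() for t in tok[:3]], tok[3]
        if (verb, group) == ("add", "authentication"):
            if kind in CLASSIC_KINDS:
                classic.add(name)
            elif kind == "vserver":
                auth_vs.add(name)
            elif kind == "authnprofile":
                profiles[name] = opt(tok, "-authnvsname")
        elif (group, kind) == ("vpn", "vserver") and verb in ("add", "set"):
            gateways[name] = opt(tok, "-authnprofile") or gateways.get(name)
        elif (verb, group, kind) == ("bind", "vpn", "vserver"):
            bound.append((name, opt(tok, "-policy")))
    report = {}
    for gw, profile in gateways.items():
        findings = report.setdefault(gw, [])
        if profile is None:
            findings.append("no authentication profile set")
        elif profiles.get(profile) not in auth_vs:
            findings.append(f"profile {profile} has no matching authentication vserver")
        leftovers = sorted(p for g, p in bound if g == gw and p in classic)
        if leftovers:
            findings.append("classic policies still bound: " + ", ".join(leftovers))
    return report

# Constructed sample; every name and address here is made up for illustration.
SAMPLE_NS_CONF = """\
add authentication ldapPolicy ldap_classic ns_true ldap_act
add authentication vserver aaa_nfactor SSL 192.0.2.10 443
add authentication authnProfile nfactor_prof -authnVsName aaa_nfactor
add vpn vserver gw_done SSL 192.0.2.20 443 -authnProfile nfactor_prof
add vpn vserver gw_leftover SSL 192.0.2.21 443 -authnProfile nfactor_prof
bind vpn vserver gw_leftover -policy ldap_classic -priority 100
"""
```

Calling `audit_gateway_auth(SAMPLE_NS_CONF)` returns an empty list for `gw_done` and one finding for `gw_leftover`, which still has the classic LDAP policy bound.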