NetScaler

 

Introduction

Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps: individuals are authenticated through more than one security and validation procedure that only they know or have access to. Citrix NetScaler is an application delivery and load balancing solution that provides a high-quality user experience for your web, traditional, and cloud-native applications regardless of where they are hosted. It comes in a wide variety of form factors and deployment options without locking you into a single cloud. Pooled capacity licensing enables the movement of capacity among cloud deployments. Acceptto offers a simple solution for adding MFA to Citrix NetScaler via its SAML solution.

 

Pre-Requisites

  1. An Acceptto Appliance connected to your user directory (for example Microsoft Active Directory).
  2. The user population that is going to be authenticated via SAML must be enrolled in the It’s Me Application.
  3. A user with administrative privileges for NetScaler.
  4. A user with administrative privileges for the Acceptto Appliance.

 

Acceptto SAML Configuration as Identity Provider (IdP)

 

  1. Log in to the Acceptto appliance admin panel with an administrative account.
  2. Create a new application by selecting Create New Application.
  3. In the Add Application dialog, enter the following values:

    App Name - The application name to be displayed in the admin panel and application portal. For example, NetScaler

    Issuer or Entity ID - The Issuer/EntityID of your NetScaler instance. For example, netscaler.example.com

    Sign in URL - The link used by your users to access the NetScaler. For example, https://netscaler.example.com

    Metadata URL - The URL containing metadata about your NetScaler instance. For example, https://netscaler.example.com/metadata/samlsp/SAML-Acceptto

  4. Click Save to create the Application.

  5. Select Show ID Provider Data and copy the certificate shown on this page.

 

 

NetScaler Configuration

  1. Log in to your Citrix NetScaler with your username and password.

  2. Navigate to Traffic Management > SSL > SSL Certificate.

  3. Upload the X.509 certificate file you obtained from the Acceptto SAML appliance earlier.

  4. SSH to the NetScaler and enter the following command as a single line (change the values to match your configuration):

    add authentication samlaction {NAME} -samlIDPCertName {IDP Certificate Name} -samlSigningCertName {Signing Certificate Name} -samlredirectUrl {Redirect URL}

     For example:

    add authentication samlaction SAML-Acceptto -samlIDPCertName SAML-Acceptto -samlSigningCertName lab-acceptto-com.pfx_CERT_KEY -samlredirectUrl https://saml.acceptto.com/saml/qr_auth

  5. Navigate to Configuration > Citrix Gateway > Policies > Authentication > SAML > Servers.
  6. Fill in the User Field and click More.
  7. Change the Signature Algorithm to RSA-SHA256 and Digest Method to SHA256.
  8. Navigate to Citrix Gateway > Policies > Authentication > SAML > Policies.
  9. Click Add, fill in the fields as shown in the following image, and click Create.
  10. Go to the Unified Gateway Configuration wizard and create a new Citrix Gateway Virtual Server with SAML authentication type:
  11. Click Continue and fill all other blank fields as follows:
  12. Go to the Citrix Gateway Virtual Server page.
  13. Select the newly created Virtual Server, unbind LDAP authentication, and select SAML type.
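
To confirm that the Signature Algorithm and Digest Method settings from the steps above took effect, the following added example (not part of the Acceptto or Citrix documentation) audits a base64 SAMLRequest or SAMLResponse form field captured from your own login flow. It assumes the HTTP-POST binding, where the signature is embedded in the XML; the function names and the sample message are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# XML-DSig URIs matching the RSA-SHA256 / SHA256 settings chosen in the steps above
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"

def check_saml_algorithms(form_value):
    """Audit a base64 SAMLRequest/SAMLResponse form field (HTTP-POST binding).
    Empty result = RSA-SHA256 with SHA256 digests. Does not verify the signature itself."""
    root = ET.fromstring(base64.b64decode(form_value))
    signed_infos = list(root.iter(DS + "SignedInfo"))
    if not signed_infos:
        return ["message is unsigned (no ds:SignedInfo element)"]
    findings = []
    for info in signed_infos:
        method = info.find(DS + "SignatureMethod")
        alg = method.get("Algorithm") if method is not None else None
        if alg != RSA_SHA256:
            findings.append(f"SignatureMethod {alg} is not RSA-SHA256")
        digests = info.findall(f"{DS}Reference/{DS}DigestMethod")
        if not digests:
            findings.append("ds:SignedInfo has no ds:DigestMethod")
        for digest in digests:
            if digest.get("Algorithm") != SHA256:
                findings.append(f"DigestMethod {digest.get('Algorithm')} is not SHA256")
    return findings

def constructed_message(sig_alg, digest_alg):
    """Constructed AuthnRequest skeleton; digest and signature values are placeholders."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">'
        "<ds:Signature><ds:SignedInfo>"
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        f'<ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_alg}"/>'
        "<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>"
        "</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>"
        "</samlp:AuthnRequest>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_algorithms(constructed_message(RSA_SHA1, SHA1)))
```

Paste the SAMLRequest or SAMLResponse value from your browser's developer tools into `check_saml_algorithms`; any finding that mentions SHA1 means the server profile is still using the older algorithms.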

 


Test Your Setup

  1. Go to the Citrix Gateway virtual server link from the previous section. You will be redirected to the Acceptto SAML page.

  2. After successful authentication, you’ll see the Acceptto MFA options. Select your desired method.

  3. Finally, you will be redirected to your NetScaler landing page.

 

Support

If you require assistance, please email us at support@acceptto.com

 

Disclaimer

All company, product and service names used in this document are for identification purposes only. Use of these names, trademarks, and brands does not constitute an endorsement by the Acceptto Corporation.