Configuring NetScaler for SAML Authentication

Every so often a few of your favourite technologies intersect to create something magical and your passion for IT is renewed. That happened for me this week when I configured Citrix NetScaler to authenticate to Azure Active Directory via SAML and enforce access to XenApp via Azure Multi-factor Authentication and Azure AD Conditional Access policies. The possibilities for securing remote access and the improved user experience that this configuration provides are so damn cool, everyone should know about it.

Having said that, I’m pretty sure I’m late to the party - Anton van Pelt has covered most of the required configuration steps already; however, it’s based on the Azure Classic portal. Here I’ll cover some of the configuration via the Azure Resource Manager portal.

The use of cloud services is gaining traction rapidly - I’d be hard pressed to meet a customer that is not using a SaaS application. Organisations migrating to Microsoft’s cloud offerings, such as Office 365, have access to Azure AD and can therefore enable Single Sign-on across all SaaS apps. This can leave remote access to hosted applications through NetScaler standing out with a different authentication experience. Additionally, traditional NetScaler Gateway configurations will have separate access and authorisation policies from those SaaS apps.

So, here’s your traditional remote access front-end (with some nice branding, if you ask me). However, instead of authenticating directly to on-premises Active Directory and a 3rd party MFA solution (remember these?) you can provide users with a consistent authentication experience, apply a single set of access policies against your hosted and SaaS apps and gain insights into user identity protection. Identity is the new control plane, where you can offload the entire authentication process away from NetScaler to Azure AD.

If you had the opportunity to start with a completely new IT infrastructure, how would you design it? Perhaps push as much as you can into a protected data centre (on-prem or in a public cloud), use XenApp to deliver legacy applications and provide end-users with device choice that you can manage without deploying any infrastructure.