Authentication methods

The NetScaler appliance can authenticate users with local user accounts or by using an external authentication server. The appliance supports the following authentication types:

  • LOCAL: Authenticates to the NetScaler appliance by using a password, without reference to an external authentication server. User data is stored locally on the NetScaler appliance.
  • RADIUS: Authenticate to an external RADIUS server.
  • LDAP: Authenticates to an external LDAP authentication server.
  • TACACS: Authenticates to an external Terminal Access Controller Access-Control System (TACACS) authentication server.
  • CERT: Authenticates to the NetScaler appliance by using a client certificate, without reference to an external authentication server.
  • NEGOTIATE: Authenticates to a Kerberos authentication server. If there is an error in Kerberos authentication, NetScaler uses NTLM authentication.

  • SAML: Authenticates to a server that supports the Security Assertion Markup Language (SAML).

  • SAML IDP: Configures the NetScaler to serve as a Security Assertion Markup Language (SAML) Identity Provider (IdP).

  • WEB: Authenticates to a web server, providing the credentials that the web server requires in an HTTP request and analyzing the web server response to determine that the user authentication was successful.

  • Native OTP: NetScaler appliance supports one-time passwords (OTPs) without having to use a third-party server.

  • Push notification: NetScaler Gateway supports push notifications for OTP. Users do not have to manually enter the OTP received on their registered devices to log in to NetScaler Gateway. Admins can configure NetScaler Gateway such that login notifications are sent to users’ registered devices using push notification services.

  • Email OTP: The Email OTP method enables you to authenticate using the one-time password (OTP) that is sent to the registered email address. When you try to authenticate on any service, the server sends an OTP to the registered email address of the user.

  • reCaptcha authentication - NetScaler Gateway supports a new first class action ‘captchaAction’ that simplifies reCaptcha configuration. As reCaptcha is a first class action, it can be a factor of its own. You can inject reCaptcha anywhere in the nFactor flow.

  • nFactor authentication: Multifactor authentication enhances the security of an application by requiring users to provide multiple proofs of identity to gain access. The NetScaler appliance provides an extensible and flexible approach to configuring multifactor authentication. This approach is called nFactor authentication.

  • OAuth authentication: OAuth authentication authorizes and authenticates users to services that are hosted on applications such as Google, Facebook, and Twitter.
Authentication methods

In this article