Microsoft Intune and Citrix NetScaler integration

December 28, 2016

With the upcoming release of NetScaler 11.1 build 51, it will finally support Intune integration, which I have been waiting on for some time. This new feature allows conditional access to on-premises web applications such as SharePoint.

The integration allows NetScaler to pull compliance data from Intune, enabling conditional access policies. These policies let NetScaler Gateway control access based on device state and configuration. For example, an administrator can create a policy where only devices with the camera disabled are granted access.

Note, however: only iOS and Android clients are supported at this time, and it requires an updated VPN client.

So how does this integration work?


Source: http://bit.ly/2iFjcon (Citrix)

  • A device is enrolled in Microsoft Intune
  • Policies and applications are published to the endpoint
  • A user tries to connect to an on-premises web application
  • The user is redirected to the NetScaler Gateway website
  • The user presents an OAuth token to the authentication policy on the NetScaler Gateway
  • If the device is successfully enrolled, access to the on-premises web application is granted
    • If the device is not enrolled, the VPN client displays an error message with a link to the Intune page to enroll the device
One thing to note here: this integration uses an OAuth authentication policy, so the user presents an OAuth token from Intune to the NetScaler Gateway vServer, which is configured with a non-addressable AAA vServer that handles the OAuth authentication.
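To make that wiring concrete, here is the shape of the NetScaler CLI configuration it implies (an added illustration, not configuration from the post or from Citrix): a non-addressable AAA vServer carrying an OAuth action, attached to the Gateway vServer through an authentication profile. All object names, hostnames and the Intune-specific OAuthAction parameters are assumptions and should be checked against the build's documentation.

```text
# Hypothetical NetScaler CLI (not from the post); names and hostnames are placeholders.

# 1. Non-addressable AAA vServer (IP 0.0.0.0): it is never reached directly,
#    it only performs authentication on behalf of the Gateway vServer.
add authentication vserver AAA_Intune SSL 0.0.0.0

# 2. OAuth action that validates the token the VPN client obtained from Intune.
#    -OAuthType INTUNE, -tenantID and -GraphEndpoint are ASSUMED parameter names;
#    verify them against the 11.1 build 51 release notes before use.
add authentication OAuthAction OAuth_Intune -OAuthType INTUNE -clientID <AZURE_APP_ID> -clientSecret <AZURE_APP_SECRET> -tenantID <TENANT_ID> -GraphEndpoint https://graph.windows.net

# 3. Advanced authentication policy: every request hitting the AAA vServer
#    must pass the OAuth action (enrolled + compliant device, per Intune).
add authentication Policy Pol_OAuth_Intune -rule true -action OAuth_Intune
bind authentication vserver AAA_Intune -policy Pol_OAuth_Intune -priority 100

# 4. Authentication profile ties the public Gateway vServer to the AAA vServer,
#    so users hitting gateway.example.com are authenticated by AAA_Intune.
add authentication authnProfile AuthProf_Intune -authnVsName AAA_Intune -AuthenticationHost gateway.example.com
set vpn vserver GW_Intune -authnProfile AuthProf_Intune
```

The device-level conditions (such as "camera disabled") are evaluated on the Intune side as compliance state; the Gateway only sees the resulting token, so the clientSecret above should be treated as a credential and kept out of shared configuration exports.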
In an upcoming post (after the build is released) I'll write up how to set up the integration, with a video showing how it works.
