So with the upcoming integration between Intune and NetScaler I decided to take a look at some of the possiblities that are here with the latest build. I’ve blogged a bit about it before that Intune and NetScaler now supports Conditional Access to web applications, but Intune also supports VPN profile deployment to Citrix NetScaler SSL VPN.
Now Citrix has two VPN clients, one for iOS and one for Android. The iOS version has supported Intune for about 1 month, but to be able to leverage it for Android you need to join the beta version program, which can be found here –> https://play.google.com/store/apps/details?id=com.citrix.CitrixVPN&hl=no if you get it on AppStore you have an option to choose beta version from there.
Since there is no option to deploy the Android beta app using Intune as of now, this step will only show the Android client as is (this will of course change when Citrix gets out an updated version)
NOTE: Leveraging this walktrough, it requires that your Android device is already enrolled into Intune using Company Portal.
Since Intune doesn’t support linked Android from store you need to download the apk file from the store, so using a site like apkpure — https://apkpure.com/citrix-vpn/com.citrix.CitrixVPN
Software installer from Intune (Yes its in Norwegian…) but I just point to type APK and find the APK file stored locally on my computer.
After you have uploaded it, we can distribute it to our users.
The easiest way to not enforce an deployment is to choose user based install and define it as available
Now we need to configure the VPN Policy within Intune. Go into policies – Configuration Policies – Click Add – Android – VPN Profile. Select Citrix from the connection type.
Define the IP address of the NetScaler Gateway. Even though it is a reuirement to define custom data I havent found any documentation around what kind of data it is expecting there yet.
I just defined a Authentication method to username and password and defined an IP address.
NOTE: The documentation on Citrix just started appearing in the last 20 days so I expect some more information come there a bit later as well.
After you’ve created the policy you have to deploy it to our devices
When the policy refresh happens on the device or you can go into the company portal and refresh the VPN policies.
So after the VPN profiles have been refreshed you can open up the Citrix SSL VPN client and notice that the VPN connection has been created.
So in the next post we will take a closer look at Per-App VPN and Conditional Access leveraging Citrix VPN.