SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Citrix Store Front Integration Support?

Jump to solution



I want to integrate Citrix Store Front with RSA Authentication Manager with software tokens, so I just want to know that is RSA AM supports store front for 2 factor authentication?


Kindly advise and pls share the guide how to integrate the same.



Deepanshu Sood.

Labels (1)
1 Solution
4 Replies
Apprised Contributor Apprised Contributor
Apprised Contributor

I'll try to provide some of the bigger picture with Citrix that you won't get from the manual.

Basically we have integrated with Citrix NetScaler for a very long time, you make the NetScaler a RADIUS client with associated authentication agent on the AM server, and configure the NetScaler to Authenticate to a RADIUS server - which is the AM Primary and/or Replica. Works great.


But when the NetScaler goes through the StoreFront, SF you had to logon again, with the LDAP or AD password.

So RSA recently developed our Authentication agent for Citrix, basically a variation on our Windows agent, which installs on the Citirx StoreFront Windows 2012 R2 server, but only works with SF 3.0, not SF 3.5 or 3.6. This integration at the StoreFront instead of at the NetScaler allows you to avoid that second LDAP/AD logon by using the RSA Windows Authentication Agent concept of Windows Password Integration. You always need to logon to Windows, but what RSA does through an AM offline authentication policy is allows RSA to learn your Windows Password and keep its MD5 hash in our RSA database, so that on your second and subsequent SF logon, RSA can logon to Windows for you (until Windows Password nears expiration and AD starts prompting you to change it). In short the NetScaler integration is a little easier but cannot take care of that last LDAP or AD password logon, while StoreFront Integration is more involved, only works with SF ver. 3.0, but can be configured to do your Windows Logon for your users who are allowed to by AM Offline Auth Policy.

Sir you're great. Unfortunately the day when I post it on community after that now today only I am reading out all the above.

Yesterday itself I got to know the complete architecture for integration & authentication method, that only we need to integrate the netscaler.

And yesterday itself I have completed the POC.


Many many thanks again for clarifying all my doubts


Have a great day ahead sir



Deepanshu Sood.


I have a doubt regarding the Citrix integration.  If the NetScaler is not implemented on the Customer and the StoreFront version is newer than the supported 3.0. Is there any workaround for this environment to use Authentication Manager? Is there any intention to add support for newer Store Front versions?

Or at least the NetScaler is usually part of the Citrix architecture?