On Demand Citrix Nerds consulting services 24 hours a day!

Phone: 1-800-905-0005

Home > Documentation > Netscaler Azure Multifactor Authentication

Installation Documentation
Netscaler Azure Multifactor Authentication

1. Install "Network Policy and Access Services" Role and include "Group Policy Management" Feature
2. Download and install Win8.1AndW2K12R2-KB3191564-x64.msu and permit server to reboot when installation is complete
3. Download and install NpsExtnForAzureMfaInstaller.exe
4. Start Powershell as Administrator and cd C:\Program Files\Microsoft\AzureMfa\Config
5. Run AzureMfaNpsExtnConfigSetup.ps1 and be prepared to enter your Tenant ID which is your Directory ID (see scrren shot below)
6. When the Powershell script completes running you'll be prompted to sign in to your Microsoft account
7. Import RADIUS Configuration and edit IP's:
NPS, RADIUS Clients & Servers, RADIUS Clients - Netscaler-NSIP Change from to IP address of Netscaler Management IP
NPS, RADIUS Clients & Servers, Remote RADIUS Server - General Tab, RADIUS Server name - change to hostname of RADIUS server for installation
NPS, Policies, Connection Request Policies, MFA Server No Forward - Conditions Tab IP: to IP address of Netscaler Management IP
*As a courtesy a pre-configured RADIUS configuration file that can be imported is available for download below
8. Register RADIUS Server with Active Directory
9. Netscaler RADIUS Authentication Server:
add authentication radiusAction AZUREMFA -serverIP -serverPort 1812 -authTimeout 10 -radKey 12345 -radNASid MFA -passEncoding mschapv2
*Netscaler label name is AZUREMFA, IP address of RADIUS server is, Secret Key is "12345", NAS ID is "MFA" and Password Encoding is "mschap2"
10. Netscaler RADIUS Authentication Policy:
add authentication radiusPolicy pol_azuremfa NS_TRUE AZUREMFA
*Netscaler label name for policy is "pol_azuremfa", uses AZUREMFA RADIUS Server and expression to use it is "NS_TRUE" meaning always use it

Download XML Configuration:
XML Configuration file to import in to Windows RADIUS / NPS Server

Microsoft Tenant ID Azure Active Directory