United States | Securing Your Environments with Multi-Factor Authentication

James Kindon - 12.06.2020


Securing Your Environments with Multi-Factor Authentication


Multi-Factor Authentication (MFA) is one of the lowest-hanging fruit when it comes to protecting your identity and securing technologies such as Citrix Virtual Apps and Desktops.

Disturbingly, we still see many environments which are not securing themselves and are still leveraging a single-factor, basic Active Directory username and password for authentication. This is a significant security hole and should be the highest priority item on your list of projects/outcomes to implement ASAP.


In the current landscape, the cost is not a factor any longer given there are several entitlements included in the technology stacks most customers are consuming. Additionally, Fear of Change (or FoC) can no longer be used as an argument as consumer applications and services have been forcing MFA methodology for years. Not seeing this in the enterprise raises more flags than the requirement for it, both from security savvy individuals, through to the everyday consumer. Who do you know who can access a mobile banking application without being challenged for additional verification that you are indeed who you appear to be?

This post outlines two options available to almost all customers. Of course, there are additional paths and options, but at typically next to no additional cost, these are the areas we focus on.

SOLUTION 1: AZURE ACTIVE DIRECTORY

Azure Active Directory underpins Office 365 services. If you are an Office 365 customer, you have Azure Active Directory available to you. There are multiple tiers of licensing and capability for Azure Active Directory; however, recent changes by Microsoft mean that any Microsoft customer using a subscription to a commercial online service such as Azure, Office 365, Dynamics and Power Platform can enable SSO for all their cloud apps, even with Azure AD Free. This means that if you have any form of commercial entitlement, you can integrate your Citrix environment with Azure Active Directory and achieve either basic multi-factor authentication protection or a more enhanced Conditional Access driven identity protection mechanism, should you be entitled to it.


Leveraging Azure Active Directory typically requires a handoff via SAML authentication to Microsoft from your existing Citrix StoreFront, Citrix ADC Gateway or Citrix Cloud Workspace. To translate the SAML assertion into a method which Windows understands, Citrix provides the Federated Authentication Service, which issues a certificate for the user and performs a virtual smart card logon to the Windows endpoint. The same process and requirements exist should you consume a 3rd party IdP like Okta in place of Azure Active Directory.

Alternatively, Azure MFA can be leveraged by using the Network Policy Server (NPS) extension; however, this is counter-intuitive for those with Conditional Access requirements.

SOLUTION 2: CITRIX TIME-BASED ONE-TIME PASSWORD

Citrix Cloud (Workspace) and Citrix Application Delivery Controllers (ADC) both offer a native, Citrix-driven form of Time-based One-time Password (TOTP) second-factor authentication. This capability is for those running Active Directory as their primary identity source who are looking to add some additional security to their access solutions where 3rd party providers (such as Microsoft, Okta, Duo etc.) are not an option.


For Citrix ADC deployments, this functionality is included with an Advanced or Premium Licence and falls under nFactor (AAA) authentication policies.

For Citrix Cloud-based deployments, the TOTP solution is delivered directly from the Cloud (Citrix Workspace) and can leverage the likes of the Google Authenticator, Microsoft Authenticator and Citrix SSO mobile apps. The capability is included in the Workspace Service.

SUMMARY

Multi-Factor Authentication is no longer a “nice to have” solution. Identity theft is real and it is common. It is critical to hardening your remote access systems (all systems for that matter regardless of location) and protecting your users’ identity. With the increased flexible working arrangements currently in play, and the entitlements available to almost every customer, now is the time to close at least one weak point in the environment with some very easy wins.
