Adding MFA to Citrix Access Gateway

Note: This integration does not support the use of Push. You will need to use OTP.


Setting up MFA for RADIUS is a requirement for this integration. Please see this article for more information.

  1. Go to the Start Menu and click on All Programs, then Citrix, then ‘Access Gateway Administration Tool’, then open Access Gateway Administration Tool‘.

  2. Log on to the Access Gateway administrator console.
  3. Click the Authentication tab.
  4. Create a new Authentication Realm, or delete and replace the Default realm, as appropriate.
  5. Click on Add, and set the Authentication Type to ‘RADIUS authentication’ and click OK.
  6. Type in the IP address, port, and shared secret of the agent, select Use the password one time, then click Submit. (The Radius agent runs on port 1812 by default)
  7. (Optional) - Click Advanced, change the Password labels to read Passcode and click OK.
  8. Close the Citrix Access Gateway Administration Tool.
  9. Log on to the Citrix Access Gateway website you protected with MFA. You will now see a Passcode field in place of the Password field. 
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us