NetScaler – Create Management URL for Native One Time Passwords (OTP)

The OTP feature which is available since NetScaler 12.0 Build 51.24 is a great feature to reduce your operationg costs or implement 2 factor authentication for the first time because your company/customer wanted to save some money instead of investing in  secure remote access 🙂

If you already have configured the AAA server, schemas and the authenciation policies you should be able to access the OTP Management Web GUI with the substring “/manageotp” on your NetScaler Gateway. If this is not the case please follow Carl Stalhoods  detailed configuration steps.

While setting this up in my lab, I already could imagine that the first users will complain at the Helpdesk because the URL is to “difficult” to remember.  To make our/their life easier we will create a DNS A-Record with the desired URL and implement a responder policy to achieve this demand.

Step 1 – DNS Record

Create an A-Record with the FQDN the users should have access to manage their token. This record is pointing to the VIP of your NetScaler Gateway.  Please make sure the used SSL certificate is matching.

Example: token.flashmob-saulgau.de

dns

Step 2 – NetScaler Configuration

Create an action/policy for the “manageotp” responder.

Bind the responder policy to your NetScaler Gateway.

Now you can browse to “token.flashmob-saulgau.de” and you will be  redirected to the login form where the users can manage their tokens.

otp2.png

 

Leave a Reply

Your email address will not be published. Required fields are marked *