Hardware tokens for Native OTP Authentication with NetScaler

Citrix NetScaler One Time Password (OTP) feature is introduced with NetScaler 12.0 FR1. This feature offers OTP authentication capabilities without having to use a third party server. In addition, it consolidates configuration within the NetScaler, thus offering great control to administrators.

---

This guide describes the user interface flow for enabling Token2 programmable tokens with the Native OTP capability already activated. Native OTP configuration procedures are described here.

Navigating to ManageOTP URL e.g., https://otpauth.server.com/manageotp (alternatively, you can use https://alt.server.com if you have configured host-based management page), we will be presented with initial logon page that only requires ldap logon credential:

After login with a valid credential, we will see the manage device page as follow:

After click ‘+’, type in the device name, click ‘go’, and click ‘done’, we will see a QR code generated. This indicates the device has been registered:

Now, launch Token2 Burner App on your Android device.

Click on Scan QR button and scan the QR code shown on the configuration page as described in the previous step. Then, push the button on the token device and hold it close to the NFC antenna of your Android device (usually below the camera on the back). Click on "burn seed" button. The app should show "burn seed process succeeded" message if the process is successfully completed.

An OTP generated by your token can be entered to test the newly registered device.