Okta Integration Network

Deep, pre-built integrations to securely connect to everything
Nothing found.

Citrix Gateway


This app integration supports Single Sign-On. See Capabilities for more details.

The Challenge

With the explosion of cloud apps and SaaS, the center of gravity of identity management is increasingly moving to the cloud as well. At the same time, end-users still require easy access to legacy enterprise apps via tools like XenApp and XenDesktop to enable and support their mobile workstyle. A complete IDaaS solution is needed that can integrate and unify these two worlds to improve administration and boost end-user production.

The Solution

Once Citrix NetScaler is deployed and configured with Okta, IT admins can manage access to cloud and legacy enterprise apps through a single pane of glass in the Okta admin console. IT admins are able to strengthen the security of all applications through centrally managed security policies that can be used by both cloud apps and NetScaler-fronted enterprise apps.

With NetScaler integrated to Okta, end-users can authenticate once into Okta and seamlessly access both Citrix apps and on-prem apps (like Sharepoint). In addition, NetScaler extends Okta’s authentication capability to applications outside of the Citrix portfolio that do not have native authentication mechanisms or support header-based authentication.

Application Authentication Mechanism


Pre-built Integration in Okta Application Network (5000+ integrations)


Federation protocols SAML, WS-Fed, OpenID Connect


Any Application with a Login Form


Citrix apps (e.g. XenApp & XenDesktop)

Okta + NetScaler

No Native Authentication

Okta + NetScaler

Kerberos/NTLM Exchange Authentication

Okta + NetScaler

Header-based Authentication

Okta + NetScaler

Reverse proxy—Access on-prem app from outside firewall

Okta + NetScaler

Secure HTTP traffic to/from on-prem app

Okta + NetScaler

Enable B2B access to Citrix and on-prem apps

It can be a challenge to expose virtual apps via XenApp/XenDesktop and on-prem apps like Sharepoint Server to external users such as partners and contractors. A traditional solution to this problem would be to integrate with each individual external Active Directory or LDAP server.

NetScaler supports federation for Citrix apps natively and for enterprise web apps using SAML to Kerberos Constrained Delegation. Okta, paired with NetScaler Unified Gateway, can manage contractor or partner identities and enforce multi-factor authentication.

NetScaler Diagram

Single end-user portal for all apps, on-prem and cloud

The Okta portal makes it easy for end-users to access all their apps from a single location. Typically, organizations using the Okta portal want all the end-users’ applications exposed and accessible through the portal. Integrating Okta with NetScaler enables the user to log in once to Okta, and access cloud applications like Salesforce, G Suite, and Box, as well as Citrix apps like XenApp/XenDesktop, in one place.

Okta NetScaler SSO

Increased on-prem security with MFA

Enterprises are moving to IaaS to allow services to be more easily reached from any network. But in moving to IaaS, enterprises need to have a strategy for protecting access to those resources. Given the greater exposure, it is a best practice to require multi-factor authentication to access these services. Okta can easily add multi-factor authentication with a soft token (iOS, Android or Windows Phone), SMS or voice as factors.

Okta NetScaler MFA