Analyze Risk and Adapt

Citrix and RSA have partnered to integrate RSA’s Adaptive Authentication methods with NetScaler’s AAA and Access Gateway Enterprise Edition (SSLVPN) systems to protect portals, applications, and networks. This also works with Citrix applications and technologies like XenDesktop and XenApp providing secure, remote access to user enterprise applications.


A common deployment topology is shown with the NetScaler appliance in the DMZ providing access to the RSA Adaptive authentication service components in the trusted zone. Other deployment topologies are possible depending on whether the RSA Adaptive Authentication components are located on-premise or hosted.

The solution has the following components:

  • Citrix NetScaler – Version 9.2 or later running on either MPX hardware appliances or VPX virtual appliances. This provides the primary authentication service against the Identity provider for the enterprise and integrates with RSA AA to provide the enhanced authentication services. NetScaler also load balances RSA AA components using RADIUS load balancing for the RADIUS adapter and HTTP load-balancing schemes for the Adaptive Authentication adapter and the Data Protection Server components.
  • Identity Provider: Provides primary authentication services for the user. This is usually Active Directory or equivalent LDAP based system though NetScaler supports multiple Identity providers.
  • RSA Adaptive Authentication Server (Hosted or On-Premise): Provides the secondary authentication of users based on behavioral and other inputs.


Integrating the advanced Authentication features in RSA’s Adaptive Authentication services with Citrix NetScaler substantially enhances the security of the enterprise and cloud applications delivered through the NetScaler while providing a seamless end-user experience.

How it works

  1. User attemtpts to access a system protected by Adaptive Authentication
  2. User’s activity is analyzed by the RSA Risk Engine and is assigned a Risk Score
  3. RSA Policy Manager determines Risk using Behavioral Analysis
  4. User is directed to “Step-Up Authentication”

Watch it in action

Download the NetScaler / RSA AA Integration Guide

RSA Adaptive Authentication is Citrix Ready Certified!

NetScaler Web Application Firewall

It’s powerful!