Home

Intune VPN via Citrix Netscaler

%3CLINGO-SUB%20id%3D%22lingo-sub-240531%22%20slang%3D%22en-US%22%3EIntune%20VPN%20via%20Citrix%20Netscaler%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-240531%22%20slang%3D%22en-US%22%3E%3CP%3EFolks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWanted%20to%20get%20some%20thoughts%20around%20utilizing%20Citrix%20to%20provide%20VPN%20capabilities%20for%20Intune%20Managed%20devices.%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20we're%20trying%20to%20accomplish%20is%20use%20a%20SSL%20tunnel%20via%20the%20Managed%20Browser%20to%20provide%20access%20to%20our%20internal%20sites%20or%20Cloud%20applications%20(SSO%20via%20PingFederate%20and%20exposed%20to%20internal%20networks%20only).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBackstory%3A%20We%20were%20using%20Cisco%20and%20got%20it%20running%20in%20our%20dev%20environment%20only%20to%20figure%20out%20that%20they%20don't%20support%20Kerberos%20proxying%2Fforwarding%20and%20most%20of%20our%20sites%20were%20generating%20multiple%20authentication%20prompts.%20Enter%20Citrix%3C%2FP%3E%3CP%3EWe're%20in%20initial%20talks%20with%20them...but%20seems%20like%20they%20support%20Kerberos%20proxying%20on%20the%20managed%20browser%20multiple%20ways....one%20method%20that%20interests%20us%20is%20client%2Fuser%20certs%20and%20extracting%20the%20UPN%20to%20proxy%20the%20kerberos%20auth%20request%20forward.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EQuestions%3A%3C%2FP%3E%3CP%3E1.%20Does%20Citrix%20VPN%20support%20zero%20touch%20per-App%20VPN%20on%20iOS%3F%3C%2FP%3E%3CP%3E2.%20When%20will%20Intune%20support%20device%20certs%3F(I%20keep%20hearing%20October%20but%20if%20someone%20knows%20-%20feel%20free%20to%20correct%20me)%3C%2FP%3E%3CP%3E3.%20How%20does%20everyone%20else%20handle%20kerberos%20authentication%20via%20managed%20browser%2FEdge%20on%20Intune%3F%3C%2FP%3E%3CP%3E4.%20Can%20Citrix%20in%20fact%20do%20what%20they%20claim%20i.e.%20provide%20a%20proxying%20service%20for%20Kerberos%20and%20SAML%20auth%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20someone's%20done%20this%20before%20-%20would%20love%20to%20chat%20with%20them%20about%20their%20experience%20and%20lessons%20learned.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3EKhalid.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-240531%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%20VPN%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Khalid Mehmood
New Contributor

Folks,

 

Wanted to get some thoughts around utilizing Citrix to provide VPN capabilities for Intune Managed devices. 

What we're trying to accomplish is use a SSL tunnel via the Managed Browser to provide access to our internal sites or Cloud applications (SSO via PingFederate and exposed to internal networks only).

 

Backstory: We were using Cisco and got it running in our dev environment only to figure out that they don't support Kerberos proxying/forwarding and most of our sites were generating multiple authentication prompts. Enter Citrix

We're in initial talks with them...but seems like they support Kerberos proxying on the managed browser multiple ways....one method that interests us is client/user certs and extracting the UPN to proxy the kerberos auth request forward.


Questions:

1. Does Citrix VPN support zero touch per-App VPN on iOS?

2. When will Intune support device certs?(I keep hearing October but if someone knows - feel free to correct me)

3. How does everyone else handle kerberos authentication via managed browser/Edge on Intune?

4. Can Citrix in fact do what they claim i.e. provide a proxying service for Kerberos and SAML auth?

 

If someone's done this before - would love to chat with them about their experience and lessons learned.

 

Regards,

Khalid.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies