Fintech client

A financial fintech client required that all internal staff to have secure remote access to the Citrix CVAD platform using NetScaler/OKTA IDP MFA (SAML) without Citrix FAS servers (in-case of a FAS server outage). External client users would not have this option.

We had previously integrated OKTA MFA IDP and a highly available Citrix FAS with an existing NetScaler solution in a previous project for this client. There was no official documentation from Okta or Citrix on how to deploy OKTA MFA using SAML without Citrix FAS servers. Other setup guides online were out of date or inaccurate.

We were able to contact the NetScaler specialist at Okta USA and with his guidance were able to successfully implement a staff only gateway with Okta IDP + SAML without Citrix FAS. Thorough testing was carried out prior to going into production to ensure that the new OKTA applications and NetScaler gateway/Storefront Store was a robust, secure and reliable solution.

Several months after going into production, all external client remote workers were unable to access the Citrix platform via Okta using the production Citrix gateway but company staff were not impacted using the new staff-only Citrix FAS free gateway portal. We were able to quickly identity, isolate and resolve the issue to the production Citrix FAS servers by logging in using the new staff FAS free gateway and minimise the impact of the outage.