Citrix NetScaler Identity Provider

Citrix Netscaler can be used as an IdP for Planning Space.

NetScaler has advanced features including multiple identity providers, multiple authentication methods, and nFactor multi-factor authentication, which are out of scope of this document.

Citrix NetScaler authentication flow

Citrix NetScaler authentication architecture.

Initial authentication flow (numbers refer to the numbered arrows in the diagram):

1. A user initiates login to the Planning Space tenant website, https://{IPS.domain}/{TENANTNAME} .
2. IPS Server redirects to the Citrix NetScaler login page, where the user will enter credentials (UPN username and password).
3. NetScaler passes the authentication request to Active Directory (or another configured authentication provider)/
4. User is successfully authenticated.
5. NetScaler passes a SAML token to IPS Server (containing the user's UPN).
6. User has completed authentication for IPS and can access the tenant website. From here she can download the Planning Space client application to her local machine.
7. User does login to the Planning Space client application. All subsequent activity takes place within the client application.