NetScaler ADC nfactor Radius OTP challenge Buttons for SMS, Phone, Push

Hi all, 

On Citrix NetScaler ADC 12+

Currently using the standard default NoSchema Logon. with nextfactor auth to a Radius Authentication server policy action.  (One Identity Starling 2FA solution)


  -Everything works except during the OTP challenge page, users have to type in the method of delivery instead.   String format (SMS, Phone, Push, or the Code on the App)

My goal is to see if we can add response buttons at the OTP factor / challenge step,  so that the user does not have to type "SMS", "phone" or "push" to get the code sent to their registered numbers from the 2fa solution.


Question:  Does this take creating a custom logon schema XML, define policies bindings and test http body respond expressions in order to make the 2-3 uttons display during the Authentication factor-> Radius ->  OTP challenge?  


*I've tried to follow Cisco's Duo MFA guide from, but DUO is a more mature solution that uses different service ports for each toke delivery action (sms, phone, push).  It also have built in support for rfwebui.  


One Identity Starling Radius only supports basic Radius OTP string response to initiate the method of token delivery it seems.


Thanks in advance.

Parents Reply
  • An enhancement would be great.  But it would be great if there is a "how to guide " to incorporate this radius solution with the NetScaler.   It is unique because the first response requires a input of "sms", "phone", or "push".   Having the user type that in as a first response every single auth is bit tedious.

No Data