For many customers, I have integrated Microsoft MFA with Citrix NetScaler and have run into a number of different issues. Here is a summary of the pitfalls I experienced while setting up Azure AD Multi-Factor Authentication (MFA). I once had a customer who had all of them!
Microsoft Azure AD Multi-Factor Authentication (MFA) is a very popular option for customers who want flexible two-factor authentication together with a great user experience. The setup of the NPS extension for MFA is normally simple, normally! Here is my collection of the problems I experienced:
- For the PowerShell communication with Azure AD, TLS 1.2 must be enabled in the session. Use the following PowerShell command to do so:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- The PowerShell script AzureMfaNpsExtnConfigSetup.ps1 has a hardcoded $user='NETWORK SERVICE'. This value is used to grant the NPS service permission on the private key of the communication certificate. If your Windows/AD installation does not use the English language, the account name is localized and you must change the script accordingly.
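As an added example (not part of the Microsoft setup script), the localized account name can be derived from the well-known SID S-1-5-20, which is NETWORK SERVICE on every language of Windows, so that the hardcoded value can be replaced with a name that is correct on a non-English system:

```powershell
# Added example: resolve the localized name of NETWORK SERVICE from its well-known SID
# (S-1-5-20) instead of relying on the hardcoded English string in
# AzureMfaNpsExtnConfigSetup.ps1. Run this on the NPS server itself.
$sid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-20')
$user = $sid.Translate([System.Security.Principal.NTAccount]).Value

# English systems return 'NT AUTHORITY\NETWORK SERVICE';
# a German system returns 'NT-AUTORITÄT\NETZWERKDIENST', for example.
$user

# If the script expects the bare account name without the authority prefix,
# keep only the part after the backslash.
$userName = $user.Split('\')[-1]
$userName
```

Replace the hardcoded $user assignment in the script with the translated value, or simply set $user to the output of this snippet before the script sets the private key permissions.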
- Even if you are using Azure AD Free, you must switch at least to the Azure AD Premium trial to finish the setup. Afterwards, there is no problem with going back to Azure AD Free. Simply go to Licensing in Azure AD and activate the trial; this takes only a few seconds.
- If you enable the NPS role on Windows Server 2019, local firewall rules are created that do not work. You have to delete those rules and create new ones for UDP 1812/1813 (RADIUS authentication and accounting).
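The following is an added example (not from the original post) of how this can be done in PowerShell on the NPS server. It first lists the existing inbound UDP rules for 1812/1813 so you can see what the role installer created, previews their removal, and then creates explicit replacement rules. The rule names and the NetScaler source address are placeholders chosen for this example:

```powershell
# Added example: replace the non-working inbound RADIUS firewall rules created by the
# NPS role with explicit rules for UDP 1812 (authentication) and 1813 (accounting).

# 1. List the existing inbound UDP rules that reference 1812 or 1813 before removing anything.
$existing = Get-NetFirewallRule -Direction Inbound | Where-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $pf.Protocol -eq 'UDP' -and ($pf.LocalPort -contains '1812' -or $pf.LocalPort -contains '1813')
}
$existing | Select-Object DisplayName, Enabled, Profile, Action

# 2. Remove the rules found above. -WhatIf only previews the deletion; drop it once the
#    list shows exactly the rules the NPS role created.
$existing | Remove-NetFirewallRule -WhatIf

# 3. Create explicit rules. Restricting -RemoteAddress to the NetScaler's source IP keeps the
#    RADIUS ports from being reachable by arbitrary hosts; the address is a constructed placeholder.
$netscalerSnip = '10.0.0.10'
New-NetFirewallRule -DisplayName 'NPS RADIUS Authentication (UDP 1812)' -Direction Inbound `
    -Protocol UDP -LocalPort 1812 -RemoteAddress $netscalerSnip -Action Allow -Profile Domain
New-NetFirewallRule -DisplayName 'NPS RADIUS Accounting (UDP 1813)' -Direction Inbound `
    -Protocol UDP -LocalPort 1813 -RemoteAddress $netscalerSnip -Action Allow -Profile Domain

# 4. Verify the new rules exist, are enabled and carry the expected port filters.
Get-NetFirewallRule -DisplayName 'NPS RADIUS*' | Select-Object DisplayName, Enabled, Profile
Get-NetFirewallRule -DisplayName 'NPS RADIUS*' | Get-NetFirewallPortFilter
```

After creating the rules, test a RADIUS authentication from the NetScaler and check the NPS event log to confirm requests are arriving at the server.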
If you know of additional problems with the installation of the NPS extension, let me know.