Self-Service Password Reset on Netscaler

From 12.1 build 50.28 version of Citrix ADC, SSPR can be activated on N-faktor flow. This gives users the ability to reset their own Active Directory passwords securely, from remote.

Prerequisites

Before you configure the self-service password reset, review the following prerequisites:

  • Citrix ADC feature release 12.1, build 50.28.
  • Supported version is minimum 2008 AD domain function level.
  • The ldapBind username bound to the Citrix ADC needs to have write access to the users AD OU.
  • Self-service password reset is supported in nFactor authentication flow only. (Require Enterprise license)

Installation

Citrix has done an great job with the documentation, so I will not create own and only redirect you to Citrix Docs: Citrix Docs – Self-service password reset

Registration flow

Under I try to explain the flow of user registration. It require that you have done all setup steps from Citrix Docs. Go to you login page https://portal.citrixblog.no or something like that. Normal logon form with username and password is shown.

Depend if user has registered personal information earlier or not, it will popup for new user only. If old user want to change or check the information, they can use https://portal.citrixblog.no/register

Both URL will open this form:

User need to choose some questions and add answers. This will be used to reset password if needed.

Password reset flow

This chapter will cover a Password reset workflow. User go to the portal and try to logon. If they has forgotten the password, user can Click Forgot Password.

1. User need to answer question added in the registration and click Log On
2. Enter the email OTP. Once the email OTP validation is successful, the password reset page is displayed.
3. User can now choose a new password and finish with Submit.

One Reply to “Self-Service Password Reset on Netscaler”

  1. Hi
    Thanks for the post.

    Do you know if the SSPR feature uses its own URL or can it be integrated with our Citrix Gateway login page?

    It would be ideal if this can integrate seamlessly then just add the /Registration path for new user registration?

    Thanks

Leave a Reply