Fun quick fact that I’ve encountered when deploying a ADC Gateway GSLB setup for a customer! You only have to enroll once with the nFactor/Native OTP on one of the ADC’s. (when having a Active Directory Domain across multiple datacenter sites)
The setup of choice:
- Two ADC appliances in HA set on each site
- GSLB enabled in active/passive mode for the Gateway across both sites
- Native OTP enabled and active as the way for authentication
- Active Directory Domain across two sites
There is no difference in configuration whatsoever because the magic of Native OTP depends on Active Directory.
Configure each ADC identically with the nFactor/Native OTP setup and enable GSLB and you’re done. I must admit at first I thought that I would need to enroll at both gateways independent but happily this is not the case.
For the configuration steps see common examples as below:
https://docs.citrix.com/en-us/netscaler-gateway/12-1/native-otp-support.html
https://www.carlstalhood.com/netscaler-gateway-12-native-one-time-passwords-otp/