Netscaler
Enable Access Gateway features
Access Gateway - Policies - Authentication - Servers (tab)
Add the domain controller

Access Gateway - Policies - Authentication - Policies (tab)
Add a new policy

Select the Server created earlier and add ns_true as expression
Access Gateway - Policies - Session - Profiles (tab)
Add a new profile




Change the Web Interface Address to your local web interface server path
Change the Single Sign-On Domain to your Active Directory domain
Access Gateway - Policies - Session - Policies (tab)
Add a new Policy

Add the ns_true expression
Change the Request Profile to the profile created earlier
Access Gateway - Virtual Servers
Add a new virtual server

Give an IP address
Select the SSL certificate (click here how to add SSL certificate to NetScaler)



Insert the policy created earlier



Add the URL to the STA

Citrix Web Interface
Create a new XenApp Web Sites
Authentication Point: At Access Gateway
Available Method: Explicit
Authentication Method:

Add the URL (https) that is publicly available for the user
Secure Access: Gateway Direct

Enter the publicly available URL to the address


Add the STA URL exactly the same with the STA servers you added to the Netscaler