With Netscaler, you can control the resources that an authenticated user can access within an application.
To do this, you will need to create an authorization policy in Netscaler and associate the policy to either individual users or a group of users. For detailed instruction, please refer to Netscaler documentation below:
Authorizing User Access to Application Resources
If you are going to associate an authorization policy to a user group, then you need to configure your DualShield server to return a RADIUS attribute that contains the name of the user group, and configure your Netscaler server to receive the RADIUS attribute.
To configure DualShield to a RADIUS attribute, go to RADIUS/Radius Attributes and click create to add a new Radius Attribute. Select "Citrix" as the Vendor, "Citirx-User-Groups" as the Attribute Name, and enter the user group name in the Fixed Value, e.g "Administrator". In order to assign the newly created attribute to a user group, find the target group in Directory/Group, tick the newly created attribute in the context menu: Radius Settings/Radius Attribute.
For NetScaler server to receive the RADIUS attribute, go to Configuration/NetScaler Gateway/Authentication/Radius/Server. Expend Authentication Radius server configure setting. Map the "Group Vendor Identifier" with the "Vendor ID" of the RADIUS attribute, and "Group Attribute Type" with the "Attribute ID".
