NetScaler introduced native OTP (One Time Password) some time ago, which you can incorporate in the login process as long as you have AD servers ready to use as a database.
During the login flow, you might want to extract which group(s) a user is a member of, and based on that information change the login flow.
Introduction Users that forget their password usually adds unwanted queues to helpdesk. Wouldn’t it be nice, if the user’s themselves could reset their own password?
SAML is a protocol that is taking off more and more allowing authentication of users without passwords over public Networks.