The various steps in the login process are:

1. The user navigates to the Netscaler / AGEE login page URL
2. Login page is displayed to the user
3. User enters username and clicks the Login button
4. GridGuard performs a check to determine if the user is already registered. This check will come back positive for registered users
5. GridGuard looks up user in Active Directory to determine if the user is a member of groups authorized to use a GridGuard (if such a group has been specified)
6. Active Directory responds back to indicate if the user is a member of the group. For valid users, this will return back a successful return code
7. GridGuard displays the login page with the grid
8. User enters their network password and GridPIN
9. GridGuard verifies GridPIN and creates a nonce
10. GridGuard sends back an HTML to the browser that is configured to automatically submit to Netscaler once the page is loaded
11. The auto-submit for submits the username, password and nonce-id to the Netscaler
12. Netscaler performs an LDAP bind against Active Directory to verify password
13. Active Directory responds back to indicate if the bind was successful. A successful bind indicates that the password was correct.
14. Netscaler performs an LDAP bind against GridGuard to verify nonce-id
15. GridGuard validates the nonce-id and deletes the nonce (so the same id cannot be used again for authentication)
16. GridGuard responds back to indicate that the bind was successful.
17. User is now considered authenticated and Netscaler provides the user access to the configured resources.

If either the password or the GridPIN authentication failed in this process, the user is automatically directed to the password incorrect page and denied access to the system.