Gateway

Configuring Delegated Administrators

Citrix Gateway has a default administrator user name and password. The default user name and password is nsroot. When you run the Setup Wizard for the first time, you can change the administrator password.

You can create additional administrator accounts and assign each account with different levels of access to Citrix Gateway. These additional accounts are called delegated administrators. For example, you have one person who is assigned to monitor Citrix Gateway connections and logs and another person who is responsible for configuring specific settings on Citrix Gateway. The first administrator has read-only access and the second administrator has limited access to the appliance.

To configure a delegated administrator, you use command policies and system users and groups.

When you are configuring a delegated administrator, the configuration process is:

  • Add a system user. A system user is an administrator with specified privileges. All administrators inherit the policies of the groups to which they belong.
  • Add a system group. A system group contains systems users with specific privileges. Members of the system group inherit the policies of the group or groups to which they belong.
  • Create a command policy. Command policies allow you to define what parts of the Citrix Gateway configuration a user or group is allowed to access and modify. You can also regulate which commands, such as command groups, virtual servers, and other elements administrators and groups are permitted to configure.
  • Bind the command policy to the user or group by setting the priority. When configuring delegated administration, assign priorities to the administrator or group so Citrix Gateway can determine which policy takes precedence.

Citrix Gateway has a default deny system command policy. Command policies cannot be bound globally. You must bind the policies directly to system administrators (users) or groups. If users and groups do not have an associated command policy, the default deny policy is applied and users cannot execute any commands or configure Citrix Gateway.

You can configure custom command policies to define a greater level of detail for user rights assignments. For example, you can give one person the ability to add session policies to Citrix Gateway, but not allow the user to perform any other configuration.

Configuring Delegated Administrators