Citrix Gateway

Configuring Quarantine and Authorization Groups

When users log on to Citrix Gateway, you assign them to a group that you configure either on Citrix Gateway or on an authentication server in the secure network. If a user fails a post-authentication scan, you can assign the user to a restricted group, called a quarantine group, which restricts access to network resources.

You can also use authorization groups to restrict user access to network resources. For example, you might have a group of contract personnel that has access only to your email server and a file share. When user devices pass the security requirements that you defined on Citrix Gateway, users can become members of groups dynamically.

You use either global settings or session policies to configure quarantine and authorization groups that are bound to a user, group, or virtual server. You can assign users to groups on the basis of a client security expression within the session policy. When the user is a member of a group, Citrix Gateway applies the session policy based on group membership.

Configuring Quarantine and Authorization Groups

In this article