Install Secure Private Access
The secure Private Access installer is available as a standalone installer or as part of the integrated Citrix Virtual Apps and Desktops installer.
Admin account requirements to install and manage Secure Private Access
- To install Secure Private Access, you must be logged in with a local machine administrator account.
- To set up Secure Private Access, you must sign into the Secure Private Access admin console with a domain user which is also a local machine administrator for the machine where Secure Private Access is installed.
- After the setup is complete, that user becomes the first Secure Private Access administrator and can then add other administrators.
- To manage Secure Private Access after the setup, you must sign into the Secure Private Access admin console with a Secure Private Access administrator account.
Perform the following steps to install Secure Private Access:
- Download the Citrix Virtual Apps and Desktops product software from https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/ and launch the wizard.
- Click Start next to the product to install: Virtual Apps or Virtual Apps and Desktops.
-
Choose Secure Private Access and follow the on-screen instructions to complete the installation.
For detailed step-by-step instructions, see Install core components and Install using the command line.
Once the installation is complete, the first-time setup admin console opens automatically in the default browser window. You can click Continue to set up Secure Private Access.
You can also see the Secure Private Access shortcut on the desktop Start menu (Citrix > Citrix Secure Private Access).
SSO to admin console
It is recommended that you configure Kerberos authentication for the browser that you use for the Secure Private Access admin console. This is because Secure Private Access uses Integrated Windows Authentication (IWA) for its admin authentication.
If Kerberos authentication isn’t set, you’re prompted by the browser to enter your credentials when accessing the Secure Private Access admin console.
- If you enter your credentials, you enable Integrated Windows Authentication (IWA) sign on.
- If you do not enter your credentials, you’re presented with the Secure Private Access sign-on page.
You must sign into the admin console to continue with the Secure Private Access setup. You can set up Secure Private Access with any user who belongs to the same domain as the installation machine, if the user has local administrator privileges on the installation machine.
For Google Chrome and Microsoft Edge browsers, perform the following steps to enable Kerberos.
- Open Internet Options.
- Select the Security tab and click Local Intranet Zone.
-
Click Sites and add the Secure Private Access URL.
You can also use a wildcard if planning to install Secure Private Access on multiple machines. For example,
"https://*.fabrikam.local". -
Click Custom Level.
-
In User Authentication > Logon, select Automatic logon with current user name and password.
Note:
- If using Chrome Incognito sessions, create a DWORD registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AmbientAuthenticationInPrivateModesEnabled and set to value 1.
- You must restart all Chrome windows (including non-Incognito windows) before Kerberos gets enabled for the Incognito mode.
- For other browsers, check the specific browser’s documentation on Kerberos authentication.