Secure Private Access installer
Download the Citrix Secure Private Access installer from https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/.
Run the .exe as an administrator on a domain joined machine.
For POC purposes, it is recommended that you install Secure Private Access on the same machine on which StoreFront is installed.
Follow the on-screen instructions to complete the installation.
Once the installation is complete, the first-time setup admin console opens automatically in the default browser window. You can click Continue to set up Secure Private Access.
You can also see the Secure Private Access shortcut on the desktop Start menu (Citrix > Citrix Secure Private Access).
For more information, see the following topics:
SSO to admin console
It is recommended that you configure Kerberos authentication for the browser that you use for the Secure Private Access admin console. This is because Secure Private Access uses Integrated Windows Authentication (IWA) for its admin authentication.
If Kerberos authentication isn’t set, you’re prompted by the browser to enter your credentials when accessing the Secure Private Access admin console.
- If you enter your credentials, you enable Integrated Windows Authentication (IWA) sign on.
- If you do not enter your credentials, you’re presented with the Secure Private Access sign-on page.
You must sign into the admin console to continue with the Secure Private Access setup. You can set up Secure Private Access with any user who belongs to the same domain as the installation machine, if the user has local administrator privileges on the installation machine.
For Google Chrome and Microsoft Edge browsers, perform the following steps to enable Kerberos.
- Open Internet Options.
- Select the Security tab and click Local Intranet Zone.
Click Sites and add the Secure Private Access URL.
You can also use a wildcard if planning to install Secure Private Access on multiple machines. For example,
Click Custom Level and in User Authentication > Logon, select Automatic logon with current user name and password.
- If using Chrome Incognito sessions, create a DWORD registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AmbientAuthenticationInPrivateModesEnabled and set to value 1.
- You must restart all Chrome windows (including non-Incognito windows) before Kerberos gets enabled for the Incognito mode.
- For other browsers, check the specific browser’s documentation on Kerberos authentication.