Secure Private Access integration with Director (Preview)
The Secure Private Access integration with Director allows help desk admin or full admin to monitor and troubleshoot all Secure Private Access sessions in Director. To support this feature, you must use the 2402 or later versions of Director, Secure Private Access, Citrix Workspace app, and VDA.
Available actions include viewing the details of the following:
- Secure Private Access active sessions for a user under the Select a Session popup > Sessions tab > Web Apps and SaaS Apps
- Secure Private Access failed or blocked enumerations and failed app launches under the Select a Session popup > Denied Access tab
- Session and application details view for active and failed app launches
- Session and application details view for failed and blocked enumerations
Note:
The Secure Private Access integration with Director is only supported for Director Forms-based authentication and not supported for Integrated Windows Authentication or Smart Card based authentication.
Prerequisites
-
To support this feature, you must use the following:
- Director 2402 or later version
- Secure Private Access 2402 or later version
- Citrix Workspace app 2402 or later version
- Ensure that at least one Citrix Virtual Apps and Desktops site is configured on Director.
- Set up Secure Private Access.
- Make sure that Director server has network connectivity to the Secure Private Access server.
-
Ensure that the Director admin user has the following permissions:
- Secure Private Access Full Admin or ReadOnly Admin in the Secure Private Access Admin console.
- Citrix Virtual Apps or Desktops help desk or Full Admin or ReadOnly Admin in the Citrix Studio console.
Configure Director with Secure Private Access
- Open a command prompt on the machine where Director is installed.
-
Go to the path of the
DirectorConfigtool by running the following command:cd c:\inetpub\wwwroot\Director\tools <!--NeedCopy--> -
Run the following command to configure Secure Private Access:
DirectorConfig.exe /configspa <!--NeedCopy--> -
Enter the FQDN of the machine where Secure Private Access is installed along with the port number.
Note:
The admins must be added to the Secure Private Access console to view the Secure Private Access session details in Director. For more information, see Manage administrators.
View a Secure Private Access session by user
On the Director dashboard, click Search and enter the user name. The Select a session screen appears.
Full admin:
Help desk admin:
View successfully launched Web apps and SaaS apps
The successfully launched apps are displayed on the Web Apps and SaaS Apps section.
Click an app from the Web Apps and SaaS Apps section to view the details.
For more information on success codes, see Citrix Director related codes.
View details about the access denied apps
Click Check Access Details on the Select a session screen.
Note:
The Check Access Details button appears when there is no active session.
Or,
Click the Denied Access tab to view the apps for which the access is denied.
The Denied Access tab opens.
The session details such as time, resource, endpoint name, and reason for failure are displayed. For more information on error codes, see Citrix Director related codes.
Currently, the following issues are identified:
- Enumeration denied due to policy conditions
- App launch error
- Enumeration errors
- App launch denied due to policy conditions
Select an app from the Denied Access tab > Resource column to view the details:
The following details are displayed for the successful or failed sessions:
- About the app
- Policy evaluation
- Session details
About the app
The name of the successful, failed, or denied app is displayed. Along with it, the following details of the app for the success or failure are displayed:
| Field | Description |
|---|---|
| Transaction ID | Citrix Transaction ID during the session or enumeration. |
| Accessed URL | The URL accessed during the session or enumeration. |
| Configured policies | The number of policies that are used within a session or enumeration. |
| Reason | The analysis of the session or enumeration activity. |
Policy evaluation
Displays that no issues found during evaluation for a successful session. For a failed session or enumeration, the following details of the policies evaluated are displayed:
| Field | Description |
|---|---|
| ID | Citrix Transaction ID. |
| Policy Name | The name of the policy. |
| Status | The status of the policy. |
| Action applied | The action applied on the policy. For example, deny access. |
| Policy Condition Evaluation | |
| Type | The type of the policy condition. |
| Condition Criteria | The condition criteria of the policy applied in the failed session or enumeration. |
| Value | The value of the policy. |
| Evaluation Status | The evaluation status of the policy. |
Session details
For a failed session, the reason for session failure is displayed. For a successful session, the following details are displayed:
| Field | Description |
|---|---|
| Session State | Displays the state of the session whether it is active or inactive. |
| Start time | Displays the session start time. |
| Last active time | Displays the last active time of the successful session. |
| Gateway Virtual IP | Displays the virtual IP address of the gateway to which the successful session is connected. |
| Contextual Tags | Displays the contextual tags. The contextual tag on the Secure Private Access plug-in is the name of a NetScaler Gateway policy (session, preauthentication, EPA) that is applied to the sessions of the authenticated users. |
| Domains visited (Internal) | Displays the internal domains accessed using the successful session. |
| Domains visited (External) | Displays the external domains accessed using the successful session. |