Password management

Save passwords

Using the Citrix Web Interface Management console, you can configure the authentication method to allow users to save their passwords. When you configure the user account, the encrypted password is saved until the first time the user connects. Consider the following:

• If you enable password saving, Citrix Workspace app for iOS stores the password on the device for future logons and does not prompt for passwords when users connect to applications.

  Note:

  The password is stored only if users enter a password when creating an account. If no password is entered for the account, no password is saved, regardless of the server setting.

• If you disable password saving (default setting), Citrix Workspace app for iOS prompts users to enter passwords every time they connect.

Note:

For StoreFront direct connections, password saving isn’t available.

To override password saving

If you configure the server to save passwords, users who prefer to require passwords at logon can override password saving:

• When creating the account, leave the password field blank.
• When editing an account, delete the password and save the account.

How to use

Citrix Workspace app has a feature that streamlines the connection process by allowing you to save your password, which eliminates the extra step of having to authenticate a session every time you open Citrix Workspace app.

Note:

The Save password functionality currently supports the PNA protocol. It does not support StoreFront native mode. However, this functionality works when StoreFront enables PNA legacy mode.

Configure StoreFront to save password

To configure StoreFront to enable the Save password functionality:

1. If you are configuring an existing Store, go to step 3.

2. To configure a new StoreFront deployment, follow the best practices described in Install, set up, upgrade, and uninstall.

3. Open the Citrix StoreFront management console. Ensure the base URL uses HTTPS and is the same as the common name specified when generating your SSL certificate.

4. Select the Store that you want to configure.

5. Click Configure XenApp Service Support.

6. Enable XenApp Service support, select the Default store (optional), and Click OK.

7. Navigate to the template configuration file at c:\inetpub\wwwroot\Citrix\<store name>\Views\PnaConfig\.

8. Make a backup of Config.aspx.

9. Open the original Config.aspx file.

10. Edit the line <EnableSavePassword>false</EnableSavePassword> to change the false value to true.

11. Save the edited Config.aspx file.

12. On the StoreFront server, run PowerShell with administrative rights.

13. In the PowerShell console:

    a. cd "c:\\Program Files\\Citrix\\Receiver StoreFront\\Scripts"

    b. Type “Set-ExecutionPolicy RemoteSigned”

    c. Type “.\ImportModules.ps1”

    d. Type “Set-DSServiceMonitorFeature –ServiceUrl” https://localhost:443/StoreFrontMonitor

14. If you have a StoreFront group, run the same commands on all the members in the group.

Configure Citrix Gateway to save passwords

Note:

This configuration uses Citrix Gateway load balance servers.

To configure Citrix Gateway to support the saved password functionality:

1. Log in to the Citrix Gateway management console.

2. Follow the Citrix best practices to create a certificate for your load balance virtual servers.

3. On the configuration tab, navigate to Traffic Management > Load Balancing > Servers and click Add.

4. Enter the server name and IP address of the StoreFront server.

5. Click Create. If you have a StoreFront group, repeat step 5 for all the servers in the group.

6. On the configuration tab, navigate to Traffic Management > Load Balancing > Monitor and click Add.

7. Enter a name for the monitor. Select StoreFront as the Type. At the bottom of the page, select Secure (required since the StoreFront server is using HTTPS).

8. Click the Special Parameters Tab. Enter the StoreFront name configured earlier, and select the Check Backed Services and click Create.

9. On the Configuration tab navigate to Traffic Management > Load Balancing > Service Groups and click Add.

10. Enter a name for your Service Group and set the protocol to SSL and click Ok.

11. On the right hand of the screen under Advanced Settings, select Settings.

12. Enable Client IP and enter the following for the Header value: X-Forwarded-For and click OK.

13. On the right-hand of the screen under Advanced Settings, select Monitors. Click the arrow to add new monitors.

14. Click the Add button and then select the Select Monitor drop-down menu. A list of monitors (configured on Citrix Gateway) appears.

15. Click the radio button beside the monitor that you created earlier and click Select, then click Bind.

16. On the right hand of the screen (under Advanced Settings), select Members. Click the arrow to add new service group members.

17. Click the Add button and then select the Select Member drop-down menu.

18. Select the Server Based radio button. A list of server members (configured on Citrix Gateway) appears. Click the radio button beside the StoreFront server that you created earlier.

19. Enter 443 for the port number and specify a unique number for the Hash ID, then click Create, then click Done. If everything has been configured properly, Effective State should show a green light, indicating that monitoring is functioning properly.

20. Navigate to Traffic Management -> Load Balancing -\ > Virtual Servers and click Add. Enter a name for the server and select SSL as the protocol.

21. Enter the IP address for the StoreFront load-balanced server and click OK.

22. Select the Load Balancing Virtual Server Service Group binding, click the arrow, and add the Service Group created previously. Click OK twice.

23. Assign the SSL certificate created for the Load Balance virtual server. Select No Server Certificate.

24. Select the Load Balance server certificate from the list and click Bind.

25. Add the domain certificate to the Load Balance Server. Click No CA certificate.

26. Select the domain certificate and click Bind.

27. On the right side of the screen, select Persistence.

28. Change the Persistence to SOURCEIP and set the time-out to 20. Click Save, then click Done.

29. On your domain DNS server, add the load balance server (if not already created).

30. Launch Citrix Workspace app for iOS on your iOS device and enter the full XenApp URL.