System requirements

  • Federated Authentication Service (FAS) is supported on the following Windows Server versions:
    • Windows Server 2025, Standard, and Datacenter Editions
    • Windows Server 2022, Standard, and Datacenter Editions
    • Windows Server 2019, Standard and Datacenter Editions, and with the Server Core option
    • Windows Server 2016, Standard and Datacenter Editions, and with the Server Core option
  • Citrix recommends installing FAS on a server that does not have any other Citrix components.
  • The Windows Server must be secured since it has access to a registration authority certificate and a private key. The certificate and private key allow the server to issue certificates for domain users. The server also has access to the issued domain user certificates and private keys.
  • The FAS PowerShell cmdlets require Windows PowerShell 64-bit installed on the FAS server.
  • A certificate authority such as Microsoft Enterprise or any other certificate authority validated in the Citrix Ready program is required to issue user certificates.
  • For certificate authorities other than Microsoft, ensure the following:

In the Citrix Virtual Apps or Citrix Virtual Desktops Site:

  • Delivery Controllers, Virtual Delivery Agents (VDAs), and StoreFront servers must all be supported versions.
  • Apply the Federated Authentication Service Group Policy configuration to the VDAs before creating the machine catalog. For more information, see the Configure Group Policy section for details.

When planning your deployment of this service, review the Security considerations section.

System requirements