Federated Authentication Service (FAS) is supported on all currently supported Windows Server versions, see Citrix Virtual Apps or Citrix Virtual Desktops system requirements.
- Citrix recommends installing FAS on a server that does not contain other Citrix components.
- The Windows Server should be secured. It will have access to a registration authority certificate and private key that allows it to automatically issue certificates for domain users, and it will have access to those user certificates and private keys.
- The FAS PowerShell cmdlets require Windows PowerShell 64-bit installed on the FAS server.
- A Microsoft Enterprise Certification Authority (root or subordinate) is required to issue user certificates.
In the Citrix Virtual Apps or Citrix Virtual Desktops Site:
Delivery Controllers, Virtual Delivery Agents (VDAs), and StoreFront server must all be currently supported versions, see Citrix Virtual Apps or Citrix Virtual Desktops system requirements.
FAS is not supported on XenApp and XenDesktop 7.6 Long Term Service Release (LTSR).
Before creating the Machine Catalog, the Federated Authentication Service Group Policy configuration must be applied correctly to the VDAs. See the Configure Group Policy section for details.
When planning your deployment of this service, review the Security considerations section.