Configuring Single Sign-on to Web Applications by Using LDAP
When you configure single sign-on and users log on with a user principal name (UPN) in the format email@example.com, single sign-on fails by default and users must authenticate twice. If users need to log on with this format, modify the LDAP authentication policy to accept this form of user name.
To configure single sign-on to web applications
- In the configuration utility, on the Configuration tab, expand Citrix Gateway > Policies > Authentication.
- In the details pane, on the Policies tab, select an LDAP policy and then click Open.
- In the Configure Authentication Policy dialog box, next to Server, click Modify.
- Under Connection Settings, in Base DN (location of users), type DC=domainname,DC=com.
- In Administrator Bind DN, type LDAPaccount@domainname.com, where domainname.com is the name of your domain.
- In Administrator Password and Confirm Administrator Password, type the password.
- Under Other Settings, in Server Logon Name Attribute, type UserPrincipalName.
- In Group Attribute, type memberOf.
- In Sub Attribute Name, type CN.
- In SSO Name Attribute, type the format by which users log on and then click OK twice. This value is either SamAccountName or UserPrincipalName.
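To check a saved configuration against the values in this procedure, the following added example (not Citrix code) audits an `add authentication ldapAction` line and reports any field that deviates, including a misspelled attribute name. The mapping of dialog fields to CLI parameters is an assumption of this example, and the sample lines are constructed.

```python
import shlex

# CLI parameter (lowercased) -> (dialog field, accepted values lowercased).
# The field-to-parameter mapping is this example's assumption.
EXPECTED = {
    "-ldaploginname": ("Server Logon Name Attribute", {"userprincipalname"}),
    "-groupattrname": ("Group Attribute", {"memberof"}),
    "-subattributename": ("Sub Attribute Name", {"cn"}),
    "-ssonameattribute": ("SSO Name Attribute", {"samaccountname", "userprincipalname"}),
}

def parse_ldap_action(line):
    """Split one 'add authentication ldapAction' line into (name, {param: value})."""
    tokens = shlex.split(line)
    if len(tokens) < 4 or [t.lower() for t in tokens[:3]] != ["add", "authentication", "ldapaction"]:
        raise ValueError("not an 'add authentication ldapAction' line")
    params, i = {}, 4
    while i < len(tokens):
        # A parameter followed by another parameter (or nothing) is a bare flag.
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        params[tokens[i].lower()] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return tokens[3], params

def audit_ldap_action(line):
    """Return a list of findings; an empty list means the line matches the procedure."""
    name, params = parse_ldap_action(line)
    findings = []
    base = params.get("-ldapbase", "")
    if not any(rdn.strip().upper().startswith("DC=") for rdn in base.split(",")):
        findings.append(f"{name}: Base DN {base!r} has no DC= component")
    bind = params.get("-ldapbinddn", "")
    if bind.count("@") != 1 or bind.startswith("@") or bind.endswith("@"):
        findings.append(f"{name}: Administrator Bind DN {bind!r} is not account@domain")
    for param, (field, allowed) in EXPECTED.items():
        value = params.get(param, "")
        if value.lower() not in allowed:
            findings.append(f"{name}: {field} is {value!r}, expected one of {sorted(allowed)}")
    return findings

# Constructed sample lines (not taken from a real appliance).
GOOD = ('add authentication ldapAction ldap_upn -serverIP 192.0.2.10 '
        '-ldapBase "DC=domainname,DC=com" -ldapBindDn LDAPaccount@domainname.com '
        '-ldapLoginName UserPrincipalName -groupAttrName memberOf '
        '-subAttributeName CN -ssoNameAttribute UserPrincipalName')
BAD = GOOD.replace("-ssoNameAttribute UserPrincipalName",
                   "-ssoNameAttribute UserPrincipleName")

if __name__ == "__main__":
    for finding in audit_ldap_action(GOOD) + audit_ldap_action(BAD):
        print(finding)
```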