- Configure domain pass-through authentication
- Configure domain pass-through authentication with Kerberos
- Configure smart card authentication
- Enable certificate revocation list checking for improved security
For information on configuring domain pass-through authentication, see Knowledge Center article CTX133982.
There are two ways to enable domain pass-through (SSON) when installing Citrix Receiver for Windows:
To enable domain pass-through (SSON) using the command line interface:
For information on the syntax for adding one or more StoreFront stores, see Configure and install Receiver for Windows using command-line parameters.
To enable domain pass-through using the graphical user interface:
The image below illustrates how to enable Single Sign-on:
The Enable Single Sign-on installation wizard is available only for fresh installation on a domain joined machine.
Verify that pass-through authentication is enabled by restarting Citrix Receiver for Windows, and then confirm that the ssonsvr.exe process is running in Task Manager after rebooting the endpoint on which Citrix Receiver for Windows is installed.
Use the information in this section to configure group policy settings for SSON authentication.
The default value of the GPO policy setting related to SSON is Enable pass-through authentication.
Use the following procedure to configure group policy settings using an ADMX file:
Use the following procedure to configure group policy settings using an ADM file:
4. Open Internet Explorer on the local machine and/or on the VDA desktop golden image.
5. In Internet Settings > Security > Trusted Sites, add the StoreFront server(s) fully qualified domain name (FQDN), without the store path, to the list. For example, https://storefront.example.com.
You can also add the StoreFront server to the Trusted Sites using a Microsoft GPO. The GPO is called Site to Zone Assignment List; you can find this list in Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
6. Log off, and log back on to the Citrix Receiver endpoint.
When Citrix Receiver opens, if the current user is logged on to the domain, the user's credentials are passed through to StoreFront, along with enumerated apps and desktops within Citrix Receiver, including the user's Start menu settings. When the user clicks an icon, Citrix Receiver passes through the user's domain credentials to the Delivery Controller and the app (or desktop) opens.
Use the following procedure to configure SSON on StoreFront and Web Interface:
To configure SSON on StoreFront and Web Interface, open Citrix Studio on the StoreFront Server and select Authentication->Add /Remove Methods. Select Domain pass-through.
To configure SSON on the Web Interface, select Citrix Web Interface Management > XenApp Sevices Sites > Authentication Methods and enable Pass-through.