Citrix Analytics for Security

Verify the anonymous users as legitimate users

As an administrator, you might notice that some Citrix Virtual Apps and Desktops users and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) users are shown as anonymous on Citrix Analytics for Security. These users are identified as discovered users. But their user names appear as anonXYZ (where “XYZ” represents a three digit number) on the following pages:

  • Users

  • User’s timeline

  • Risky users

  • Self-service search for the Apps and Desktops data source

Anonymous user risk timeline

Anonymous user search

When you see such users, you might want to know:

  • Who are these users?

  • Are these users legitimate or malicious in nature?

  • How to verify them?

  • What actions I must apply for these users?

You see anonymous users in your Citrix IT environment in the following scenarios:

  • When a user is using a published secure browser app

  • When a user is using an unauthenticated store

User using published secure browser apps

The secure browser apps are web apps that are published using the Citrix Secure Browser Service. These apps isolate your web browsing events and protect your corporate network from browser-based attacks. For more information, see Secure Browser Service.

The secure browser apps use the anonymous session capability of Citrix DaaS.

To verify if Secure Browser is configured in your Citrix Cloud account:

  1. Sign in to Citrix Cloud.

  2. On the Secure Browser card, click Manage.

    Secure browser cloud page

  3. On the Manage page, check for published secure browser apps.

    Published secure browser

If a user accesses a StoreFront store through Citrix Receiver for Web sites by using a web browser and uses the published secure browser apps, the user’s identity is hidden. Therefore, Citrix Analytics displays the user as anonymous.

If a user accesses a StoreFront store through a Citrix Receiver or Citrix Workspace app that is installed on their device and uses the published secure browser apps, Citrix Analytics displays the user as the user name specified in the StoreFront.

So, you can consider the user as a legitimate user of your organization. You need not apply any action if no risky behavior is associated with the user.

User using an unauthenticated store

The unauthenticated store is a feature of Citrix StoreFront and applies to the stores that are customer managed. This feature support access for unauthenticated (anonymous) users.

To verify if your organization has an unauthenticated store:

  1. Launch Citrix Studio.

  2. Click Stores.

  3. For your stores, check the authentication status in the Authenticated column.

    Unauthenticated store

If a store is not authenticated and the user is accessing that unauthenticated store, the user identity remains anonymous. Therefore, Citrix Analytics displays the user as anonymous. You can consider this user as a legitimate user of your organization. You need not apply any action if no risky behavior is associated with the user.

Verify the anonymous users as legitimate users