The suggested installation order of Single Sign-on is:
- Create the central store.
- Install the Citrix AppCenter, which includes the Single Sign-on console component.
- Install the Single Sign-on Service if you want to use one or more of the following modules:
- Key management
- Credential synchronization
- Data integrity
If you decide to install the Data Integrity Module later or after installing the Citrix AppCenter and the Single Sign-on Plug-in, you must digitally sign your existing central store data with the data signing tool CtxSignData.exe. (This tool is available after you install the Data Integrity Module.) Conversely, if you uninstall the Data Integrity Module, you must unsign your central store data.
- Install the Application Definition Tool on one or more computers in your environment when you need to create application definitions only. (When you install the XenApp server role with its default components, the Application Definition Tool is included.)
- Install the Single Sign-on Plug-in on each user computer and on the XenApp server.
Important: The server(s) that hosts the Single Sign-on Service and NTFS central store contains highly sensitive user-related information. Use a dedicated server in a physically secure location.
The following installations are not recommended and are not supported:
- Do not install the service and the plug-in on the same computer.
- Do not install the service and the XenApp server role on the same server.
- Do not install Single Sign-on on a domain controller. Installation of the plug-in or service, console, or creation of an NTFS network share central store on a domain controller is not supported.