Product Documentation

Single sign-on with smart cards

Nov 01, 2013

Single sign-on is a Citrix feature that implements pass-through authentication with virtual desktop and application launches. You can use this feature in domain-joined, direct-to-StoreFront and domain-joined, NetScaler-to-StoreFront smart card deployments to reduce the number of times that users enter their PIN. To use single sign-on in these deployment types, edit the following parameters in default.ica. This file is located on the StoreFront server:

  • Domain-joined, direct-to-StoreFront smart card deployments—Set DisableCtrlAltDel to Off
  • Domain-joined, NetScaler-to-StoreFront smart card deployments—Set UseLocalUserAndPassword to On

For more instructions on setting these parameters, see the StoreFront or NetScaler Gateway documentation.

The availability of single sign-on functionality is dependent upon many factors including, but not limited to:

  • Your organization's security policies regarding single sign-on.
  • Middleware type and configuration.
  • Smart card reader types.
  • Middleware PIN caching policy.
Note: When the user logs on to the Virtual Delivery Agent (VDA) when a smart card reader is attached, a Windows tile may appear representing the previous successful mode of authentication, such as smart card or password. As a result, when single sign-on is enabled, the single sign-on tile may appear. To log on, the user must click Switch Users to select another tile as the single sign-on tile will not work.