involves domain-joined user devices that run the Desktop Viewer and connect
directly to StoreFront.
A user logs on to a
device using a smart card and PIN. Receiver authenticates the user to a
Storefront server using Integrated Windows Authentication (IWA). StoreFront
passes the user security identifiers (SIDs) to Citrix XenDesktop. When the user
starts a virtual desktop or application, the user is not prompted for a PIN
again because the single sign-on feature is configured on Receiver.
This deployment can
be extended to a double-hop with the addition of a second StoreFront server and
a server hosting applications. A Receiver from the virtual desktop
authenticates to the second StoreFront server. Any authentication method can be
used for this second connection. The configuration shown for the first hop can be reused in the second hop or used in the second hop only.