SafeNet Authentication Client



Similar documents
Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide

Configuring a Custom Load Evaluator Use the XenApp1 virtual machine, logged on as the XenApp\administrator user for this task.

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

To configure Outlook Express for your InfoMetrics address:

Integration Guide. SafeNet Authentication Client. Using SAC CBA for Check Point Security Gateway

Yale Software Library

SafeNet Authentication Client (Windows)

To add Citrix XenApp Client Setup for home PC/Office using the 32bit Windows client.

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

How to Configure NetScaler Gateway 10.5 to use with StoreFront 2.6 and XenDesktop 7.6.

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

pcanywhere Advanced Configuration Guide

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

Creating a User Profile for Outlook 2013

XenApp/Citrix Program Neighborhood Installation

App Orchestration 2.5

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Authentication Solutions VERSATILE AND INNOVATIVE AUTHENTICATION SOLUTIONS TO SECURE AND ENABLE YOUR BUSINESS

Citrix Remote Access Work Instructions

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

How do I use Citrix Staff Remote Desktop

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

App Orchestration 2.5

Defender Token Deployment System Quick Start Guide

Check Point FDE integration with Digipass Key devices

Integration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication

How to Use Remote Access Using Internet Explorer

App Orchestration 2.0

Connecting to Remote Desktop Windows Users

User Management Tool 1.5

Accessing the Media General SSL VPN

ANZ TRANSACTIVE GETTING STARTED GUIDE AUSTRALIA & NEW ZEALAND

Implementing a SAS Metadata Server Configuration for Use with SAS Enterprise Guide

Introduction. Before you begin. Installing efax from our CD-ROM. Installing efax after downloading from the internet

etoken PKI Client (Windows) Administrator s Guide Version 5.1 SP1 Rev A

my.airproducts.com Windows Vista Client Configuration

External Authentication with Citrix Access Gateway Advanced Edition

Installing IDEA v8 Client Software on Citrix Server Environment

Agent Configuration Guide

How to connect to the diamonds wireless network with Vista.

Configure SQL database mirroring

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

Two Factor Authentication and PKI Token (for Windows)

DIGIPASS Pack for Citrix on WI 4.5 does not detect a login attempt. Creation date: 28/02/2008 Last Review: 04/03/2008 Revision number: 2

User Guide Remote Access to VDI/Workplace Using PIV

To install the SMTP service:

XenDesktop Implementation Guide

Multi-factor Authentication using Radius

Gemalto SafeNet Minidriver 9.0

Procedure for How to Enroll for Digital Signature

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

How To - Implement Single Sign On Authentication with Active Directory

User Guide Remote PIV to VDI Using a PIV Card

Welcome to Remote Access Services (RAS)

Manual for configuring NIC VPN in Windows OS

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Cisco ASA

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

Deploying NetScaler Gateway in ICA Proxy Mode

Update Instructions

Windows Server 2008 R2 Initial Configuration Tasks

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

Changing Passwords in Cisco Unity 8.x

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Citrix Access Gateway Plug-in for Windows User Guide

Implementation Guide for protecting

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Department of Veterans Affairs Two-Factor Authentication MobilePASS Quick Start Guide November 18, 2015

GoldKey Software. User s Manual. Revision WideBand Corporation Copyright WideBand Corporation. All Rights Reserved.

Transitioning to Leostream from HP SAM

Using Internet or Windows Explorer to Upload Your Site

Aventail Connect Client with Smart Tunneling

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft IAS and NPS Agent Configuration Guide

Web Meetings through VPN. Note: Conductor means person leading the meeting. Table of Contents. Instant Web Meetings with VPN (Conductor)...

Shakambaree Technologies Pvt. Ltd.

ShareFile On-Demand Sync can be installed via EXE or MSI. Both installation types can be downloaded from

By the Citrix Publications Department. Citrix Systems, Inc.

Medstar Health Dell Services

High Availability for Desktop Virtualization

Coillte IT has recently upgraded the Remote Access Solution to a new platform.

Central Administration QuickStart Guide

Managed Security Web Portal USER GUIDE

Defender EAP Agent Installation and Configuration Guide

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

MelbourneOnline Hosted Exchange Setup

Deployment Guide for Citrix XenDesktop

Integrating Trend Micro OfficeScan 10 EventTracker v7.x

For paid computer support call

Citrix Access on SonicWALL SSL VPN

Application Note. Gemalto Smart Cards with Citrix XenApp 5.0

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Configuring Eduroam in Windows Vista

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

These instructions will allow you to configure your computer to install necessary software to access mystanwell.com.

Transcription:

SafeNet Authentication Client QUICK STRAT GUIDE Using Certificate-based Authentication with SafeNet Authentication Client for Citrix XenApp 6.5 Contents Description... 2 The Multi-Factor Authentication Dilemma: Security over Convenience... 2 Multi-Factor Authentication Dataflow and Environment... 2 Preparation and Perquisites... 3 Server Side... 3 Client Side... 4 Citrix Configuration for Certificate-Based Authentication... 4 Next we will configure the different Citrix components to work with certificate-based authentication. Citrix Web Interface Management Configuration... 4 Smart card authentication methods for Citrix XenApp Web sites:... 4 Smart card authentication methods for Citrix XenApp Services sites:... 5 SafeNet Authentication Client Configuration... 6 Typical Certificate Based Authentication Scenario... 7 Logging-on to Citrix Web Interface:... 7 Page 1 of 9

Description This document provides guidelines for deploying certificate based multi-factor authentication for user-authentication to Citrix XenApp using any of SafeNet s certificate-based authenticators. SafeNet s certificate-based authenticators provide secure remote access, as well as other advanced applications including: digital signing, password management, network logon, and combined physical/logical access, in a single authenticator. The authenticators come in different form factors, including USB tokens, smart-cards and software tokens. All of these form factors are being interfaced using a single middleware client, SafeNet Authentication Client. SafeNet Authentication Client manages SafeNet s extensive portfolio of certificate-based authenticators, ensuring full support for all currently deployed etoken and ikey devices. Citrix XenApp is an application delivery solution that enables any Windows application to be virtualized, centralized and managed in the datacenter and instantly delivered as a service to users anywhere on any device. As users connect remotely to the virtual server, multi-factor authentication is a fundamental capability. The Multi-Factor Authentication Dilemma: Security over Convenience As you set up to deploy certificate-based multi-factor authentication solution with your Citrix XenApp solution, one of the most frequent deployment questions pops up. Citrix XenApp allows users to have a session single-logon capability, where, once the user was authenticated to the smart-card device, the user stays authenticated until the end of the session, regardless of the number of times the user accesses the application. This provides a better user-experience for those using the system. However on the same note, this single-logon capability, called Pass Through may impose security risks in ultra-sensitive use-cases and environments. Before deploying the system you should decide whether your organization can deploy the user-friendly singlelogon, :Pass Through feature, or alternatively users will need to authenticate each time they interface with Citrix XenApp application. Multi-Factor Authentication Dataflow and Environment To enable certificate-based multi-factor authentication for Citrix XenApp using SafeNet certificate based authenticator, the user needs to deploy the following: SafeNet Authentication Client A unified middleware client for all SafeNet certificate based authenticators. This document describes SafeNet Authentication Client version 8.2. Citrix Receiver - A client application installed on the end point device (e.g.: PCs, tablets, smartphones, etc.) that interfaces with Citrix-enabled IT infrastructure. Citrix Web Interface - Citrix Web Interface provides secure access to XenApp and XenDesktop resources from anywhere through any device with a Web browser or through the Citrix Receiver. This document describes Citrix Web Interface version 5.4. Citrix XenApp Server The server side of Citrix XenApp. This document describes Citrix XenApp version 6.5. Figure 1 shows the environment required to implement a Citrix solution using SafeNet s certificate based authentication, and illustrates the dataflow of the authentication request: 1. A user is required to authenticate to Citrix XenDesk using SafeNet s certificate-based authenticator. SafeNet s authenticator is deployed with a user unique client certificate that is used to authenticate the user. When the user is authenticated the user needs to provide a PIN to access the authenticator. Page 2 of 9

2. The credentials provided are passed to Citrix XenApp which returns a response to the Citrix Reciever client or Citrix Web Interface to accept or to reject the user authentication request. Figure 1:Deployment and dataflow of SafeNet s multi-factor authentication solution with Citrix XenApp Preparation and Perquisites This section describes the perquisites needed to be installed and configured before implementing certificate based authentication for Citrix XenApp. NOTE This document assumes that Citrix XenApp Server is already installed and interfaced using Citrix Web Interface and that the solution is working using static passwords, or any other userauthentication method. Follow these steps: Server Side 1. Install SafeNet Authentication Client version 8.2 on the server running XenApp. Use default settings. 2. Ensure that Citrix Web Interface version 5.4 is installed. Citrix Web Interface should be configured to work with two sites: A web site for the accessing Citrix XenApp via a Web browser A service site for accessing Citrix XenApp via the Citrix Receiver For more information on Citrix management web sites, please refer to Citrix Configuration for Certificate- Based Authentication Page 3 of 9

3. Based on the decision whether to use smart-card authentication or smart-card pass through authentication, ensure that your domain environment supports the appropriate method. For more information on Citrix smart card pre-requirements please refer to http://support.citrix.com/article/ctx129096 Client Side 1. Ensure that Citrix Receiver version 3.4 Enterprise is installed on each client machine that needs to use certificate-based authentication. 2. Install SafeNet Authentication Client version 8.2. Configure Single logon in SafeNet Authentication Client version 8.2 if "Pass Through with Smart Card" authentication method is selected in XenApp Services site. For more information on Citrix management web sites, please refer to SafeNet Authentication Client Configuration Citrix Configuration for Certificate-Based Authentication Next we will configure the different Citrix components to work with certificate-based authentication. Citrix Web Interface Management Configuration Citrix web interface introduces XenApp Web Sites (for Web Interface users) and XenApp Services Sites (for users of the Citrix Receiver). Configure the authentication method to Smart Card or Pass Through with Smart Card, based on your preference and in conjunction with the description described above. When configuring the authentication method to be Smart Card the user will be asked to enter the smart card PIN / Password again when logging in to the Citrix site. If the authentication method is configured to be Pass Through with Smart Card The user will be asked for the smart card PIN once: on the client-login and will not be to re-enter the PIN again during the same session. Smart card authentication methods for Citrix XenApp Web sites: 1. On the Windows Start menu, click All Programs > Citrix > Management Consoles > Citrix Web Interface Management. 2. In the left pane of the Citrix Web Interface Management console, click XenApp Web Sites and select your site in the results pane. 3. In the Action pane, click Authentication Methods Page 4 of 9

4. Select the Smart card or Pass-through with smart card check box, as appropriate. 5. Click Properties to configure further settings for smart card authentication. Smart card authentication methods for Citrix XenApp Services sites: 1. On the Windows Start menu, click All Programs > Citrix > Management Consoles > Citrix Web Interface Management. 2. In the left pane of the Citrix Web Interface Management console, click XenApp Services Sites and select your site in the results pane. 3. In the Action pane, click Authentication Methods Page 5 of 9

4. Select the Smart card or Pass-through with smart card check box, as appropriate. 5. Click Properties to configure further settings for smart card authentication SafeNet Authentication Client Configuration If the authentication method is configured to be Pass Through with Smart Card in Citrix Web Interface XenApp Services Sites, it is necessary to enable single logon in SafeNet Authentication Client version 8.2. To enable Single logon in the SafeNet Authentication Client 1. Open SafeNet Authentication Client Tools Advanced View. Page 6 of 9

2. In the left pane, select Client Settings. 3. In the right pane, select the Advanced tab 4. Select Enable single logon. 5. To save your changes, click Save. NOTE To make sure that SafeNet Authentication Client Single logon settings have been applied correctly following check that in the client machine registry settings that the below key exists and is set to 1 : HKLM\Software\SafeNet\Authentication\SAC\GENERAL\SignleLogon. Typical Certificate Based Authentication Scenario User connects a SafeNet USB token to the Windows client computer. When the Web Interface connects to the Citrix XenApp Server, the user is prompted to enter their Token Password. Upon successful authentication, the user is prompted to select a published application. Logging-on to Citrix Web Interface: 1. Connect your SafeNet USB token to the computer. 2. Open Internet Explorer and type https://domain_name/citrix/xenapp The Log On window opens. Page 7 of 9

3. Select Smart Card and Click Log On. The Token Logon window opens: 4. Enter the Token Password value and click Ok. Page 8 of 9

5. The Citrix XenApp application window opens: Page 9 of 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information