Configuring Single Sign-On with Windows
Users open a connection by starting the Citrix Secure Access agent from the desktop. You can specify that the Citrix Secure Access agent start automatically when the user logs on to Windows by enabling single sign-on. When you configure single sign-on, users’ Windows Logon credentials are passed to Citrix Gateway for authentication. Enabling single sign-on for the Citrix Secure Access agent facilitates operations on the user device, such as installation scripts and automatic drive mapping.
Enable single sign-on only if user devices are logging on to your organization’s domain. If single sign-on is enabled and a user connects from a device that is not on your domain, the user is prompted to log on.
You configure single sign-on with Windows either globally or by using a session profile that is attached to a session policy.
To configure single sign-on with Windows globally
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Global Settings.
- In the details pane, under Settings, click Change global settings.
- On the Client Experience tab, click Single Sign-on with Windows, and then click OK.
To configure single sign-on with Windows by using a session policy
- In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Policies, and then click Session.
- In the details pane, click Add.
- In Name, type a name for the policy.
- Next to Request Profile, click New.
- In Name, type a name for the profile.
- On the Client Experience tab, next to Single Sign-On with Windows, click Override Global, click Single Sign-on with Windows, and then click OK.
- In the Create Session Policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create, and then click Close.