Online Help

SafeNet Trusted Access for Citrix VDI Cloud

Overview

The application template enables single sign-on for users accessing the Citrix VDI Cloud application through SafeNet Trusted Access. SAML settings are configured in Citrix VDI Cloud to access the Citrix VDI Cloud management console.

The following use cases can be configured for Citrix VDI Cloud:

- SP-initiated SSO

- Single logout

Configuring SafeNet Trusted Access for Citrix VDI Cloud is a three-step process:

1. Citrix VDI Cloud setup

2. SafeNet Trusted Access setup

3. Verify authentication

Citrix VDI Cloud Setup

As a prerequisite:

- On Citrix Cloud, under Workspace Configuration > Sites tab, configure your site.

- Citrix Cloud Apps Gateway service must be enabled on the Citrix Cloud Apps console.

- Federated Authentication Service (FAS) must be configured on Cloud using the following link: https://docs.citrix.com/en-us/citrix-workspace/workspace-federated-authentication.html

- Download the Identity Provider signing certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps given below.

Perform the following steps to configure SafeNet Trusted Access as your identity provider in Citrix VDI Cloud:

1. Log in to Citrix VDI Cloud as an administrator using the https://citrix.cloud.com/ URL.

2. On the Citrix VDI Cloud console, under My Services > Gateway, click Manage.

3. Under Citrix Cloud, click Identity and Access Management.

4. On the Authentication tab, scroll down to SAML (Preview), click on the icon, and click Connect.

5. Under Configure SAML, scroll up, and provide the following details:

   a. In the Entity ID field, enter the ISSUER/ENTITY ID URL that is provided on the SafeNet Trusted Access console.

      You can copy this URL by clicking the Copy to Clipboard icon available next to the ISSUER/ENTITY ID field.

   b. In the Sign Authentication Request field, select an option as per your preferred configuration.

   c. Click the Download link. The SAML metadata opens automatically in the default browser of your machine. Copy the entire metadata text.

   d. In a text editor, paste the metadata that you copied in the previous step, and save it as a .xml file on your local machine.

   e. In the SSO Service URL field, enter the SINGLESIGNONSERVICE URL that is provided on the SafeNet Trusted Access console.

      You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

   f. In the Binding Mechanism field, select Http Redirect.

   g. In the SAML Response field, select a value (for example, Must Sign Response) as per your preferred configuration to sign the response or assertion.

   h. Next to X.509 Certificate, click the Upload File link.

   i. On the Upload a x.509 Certificate window, drag and drop the identity provider signing certificate that you downloaded earlier from the STA console, and click Continue.

   j. Under Authentication Context, in the first drop-down box, select Unspecified, and in the Select Type drop-down box, select Minimum.

   k. In the Logout URL (optional) field, enter the SINGLESIGNONSERVICE URL that is provided on the SafeNet Trusted Access console.

      You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

   l. Click Test and Finish.

6. On the Identity and Access Management window, on the Authentication tab, ensure that the status of SAML (Preview) is Connected.

7. In the top left-hand corner of the window, click Workspace Configuration, and click the Authentication tab.

8. On the Authentication tab, select the SAML (Preview) option.

9. On the pop-up window, select the I understand the impact on the subscriber experience. checkbox, and click Confirm.

10. Under Configure Authentication with the Federated Authentication Service (Preview), ensure that FAS is enabled in advance.
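The metadata file saved in step 5d is pasted by hand from a browser window, so it is worth checking offline before it is uploaded to SafeNet Trusted Access. The following is an added example, not Thales or Citrix code: the function names are hypothetical, and the sample metadata and its `sp.example.test` URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample standing in for the file saved in step 5d (placeholder URLs).
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _endpoints(sp, tag):
    """Return (binding short name, location) pairs for one endpoint type."""
    return [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
            for e in sp.findall(f"md:{tag}", NS)]


def inspect_sp_metadata(raw: bytes) -> dict:
    """Summarize SP metadata and list findings to resolve before upload."""
    # Pasted metadata is untrusted input: refuse DTDs and entity declarations.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(raw)  # raises ParseError if the paste was mangled
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    acs = _endpoints(sp, "AssertionConsumerService")
    slo = _endpoints(sp, "SingleLogoutService")
    findings = [] if root.get("entityID") else ["missing entityID"]
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    if not slo:
        findings.append("no SingleLogoutService endpoint")
    findings += [f"non-HTTPS endpoint: {loc}" for _, loc in acs + slo
                 if not loc.startswith("https://")]
    signed = sp.get("AuthnRequestsSigned") in ("true", "1")
    return {"entity_id": root.get("entityID"), "acs": acs, "slo": slo,
            "authn_requests_signed": signed, "findings": findings}
```

An empty `findings` list means the file parses as service provider metadata with HTTPS-only sign-on and logout endpoints; compare `authn_requests_signed` with the option chosen in step 5b.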

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Citrix VDI Cloud, the second step is to activate the Citrix VDI Cloud application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Citrix VDI Cloud application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Citrix VDI Cloud) and proceed to the next step.

2. Under STA Setup, click Upload Citrix VDI Cloud Metadata.

3. On the metadata upload window, click Browse and select the Citrix VDI Cloud metadata that you downloaded earlier in step 5c of Citrix VDI Cloud Setup.

4. Under Return Attributes, perform the following steps:

   a. Click Add Attribute.

   b. In the RETURN ATTRIBUTE column, enter cip_sid.

   c. In the USER ATTRIBUTE column, select Custom #1.

   NOTE: Ensure that the user SID attribute is synced with the Custom #1 field in the identity provider.

5. Under User Portal Settings, in the SERVICE LOGIN URL field, enter the workspace URL (for example, https://stademo.cloud.com).

6. Click Save Configuration to save the details and activate the Citrix VDI Cloud application in SafeNet Trusted Access.
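The cip_sid mapping from step 4 can be checked by decoding a SAMLResponse form value captured in the browser's developer tools during a test sign-in. This is an added example, not Thales or Citrix code: the function names are hypothetical, the sample response is constructed and unsigned, and the SID pattern assumes Active Directory domain accounts.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: users are AD domain accounts, so SIDs look like S-1-5-21-a-b-c-RID.
DOMAIN_SID = re.compile(r"S-1-5-21-\d{1,10}-\d{1,10}-\d{1,10}-\d{1,10}")


def make_sample(sid_value: str) -> str:
    """Build a constructed, unsigned SAMLResponse (Base64) for the demo."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:AttributeStatement><saml:Attribute Name="cip_sid">'
        f'<saml:AttributeValue>{sid_value}</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


def check_cip_sid(saml_response_b64: str) -> tuple[bool, str]:
    """Return (ok, detail) for the cip_sid attribute of a decoded response.

    Diagnostic only: inspects attribute content, does not verify the signature.
    """
    raw = base64.b64decode(saml_response_b64, validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return False, "DTD or entity declaration in response"
    root = ET.fromstring(raw)
    values = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == "cip_sid"
        for v in a.findall("saml:AttributeValue", NS)
    ]
    if not values:
        return False, "cip_sid attribute missing: check Return Attributes"
    if len(values) > 1:
        return False, "cip_sid has multiple values"
    if not DOMAIN_SID.fullmatch(values[0]):
        # Typical causes: Custom #1 not synced (empty) or SID synced in binary form.
        return False, f"cip_sid is not a domain SID: {values[0]!r}"
    return True, values[0]
```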

Verify Authentication

Using STA Console

Navigate to the workspace URL (for example, https://stademo.cloud.com). You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Citrix Workspace window after authentication. Click on the Use web browser link and you will be redirected to Citrix Workspace.

Perform the following steps to access Virtual Apps and Desktops:

1. On the workspace, in the left pane, click Apps or Desktops.

2. On the pop-up window, under What should Firefox do with this file?, select the Open with option, and select Citrix Connection Manager (default).

3. Click OK.

4. On the Windows sign-in window, log in to the VDA resource machine using your LDAP credentials and access your application.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Citrix VDI Cloud application icon. You should be redirected to the Citrix Workspace window after authentication. Click on the Use web browser link and you will be redirected to Citrix Workspace.

Perform the following steps to access Virtual Apps and Desktops:

1. On the workspace, in the left pane, click Apps or Desktops.

2. On the pop-up window, under What should Firefox do with this file?, select the Open with option, and select Citrix Connection Manager (default).

3. Click OK.

4. On the Windows sign-in window, log in to the VDA resource machine using your LDAP credentials and access your application.

Copyright © 2021 Thales Group

All Rights Reserved.