One of the major issues with the current state of the end user computing environment is the number of identities a user is required to remember. Almost every service or application a user subscribes to requires the user create a new identity and password.
With so many identities, almost all of us use the same identity/password combination to simplify our life. But relying on passwords is not the best approach. Certain applications and services will allow us to integrate some type of multi-factor authentication, but we now end up with multiple identities, multiple authentication approaches with each service using a unique MFA option.
Now we have to remember which ID, which password, which token combination to use. And we wonder why users call support to have their passwords reset so often.
The concept behind Citrix Workspace is to have one primary identity that each organization can select from a growing list of options.
The organization’s selected primary identity should be secured beyond a simple username/password combination because the primary identity is the key to the castle. The primary identity gets translated to secondary identities, allowing users to access all resources without re-authenticating.
Citrix Workspace relies on the identity broker µ-service to manage the primary identity authentication to the configured identity provider. A successful Workspace authentication allows the resource feed µ-service to identify authorized resources for the user. Organizations can select one of the following primary identity providers:
- Azure Active Directory
However, those resources will most likely have an identity (secondary identity) different from the user’s primary Workspace identity. The single sign-on µ-service translates the user’s primary Workspace identity to a resource-specific secondary identity. A different solution is used to provide single sign-on based on the type of resource accessed, whether that be:
- SaaS apps (Cloud)
- Web apps (On-premises)
- Citrix Virtual Apps and Desktops
Daniel (Follow on Twitter @djfeller)