VDI Deployment Options


I enjoy having choices. I like having choices between Hefeweizen, Amber and Pale Ales. I like having a choice between playing Fallout, Mass Effect and Lego Star Wars. I like having a choice between mountain biking, tennis or hiking (yes, you can do all of these in the winter in Minnesota). I also have a choice in how to handle maintenance activities around my personal life. For example, I mow my own lawn, but I don’t change the oil in my car.  I don’t have the tools or skills needed to handle a car oil change, nor do I want … Continue reading VDI Deployment Options

Citrix Workspace Authentication: Federated Authentication Services


I have one primary key to let me into my house. Once I’m inside my house, I can see many resources that I might want to use like a bed, bathroom, safe, TV and a freezer. However, some of these resources are secured with a different key. I might have a code to access Netflix. There might be a lock on the bathroom door. There is a lock on the safe. There is even a key to access the freezer (gotta protect those bratwurst). The keys I need once I’m in my house are secondary. They provide me access to … Continue reading Citrix Workspace Authentication: Federated Authentication Services

Authentication: Push


One of my goals before the end of the year is to protect my online accounts with multi-factor authentication. I’ve been protecting many of my identities with TOTP. TOTP is a great way to add multi-factor authentication to our identity.  It adds the “something I have” to the “something I know”. However, I’m now running into a major user experience issue with TOTP. I’ve got too many tokens!!! When I try and authenticate to one of these providers, I have to load the authenticator app and find the right code before typing it in.  This is easy when I only … Continue reading Authentication: Push

Citrix Workspace Authentication: Okta


None of us likes starting over. So if we don’t have to, why would we? Unfortunately, with technology, many of us are forced to follow a single path. That single path often requires us to start over. But this is one of the interesting things about Citrix Workspace and the user’s primary identity… Don’t start over – Simply integrate. With an overall understanding of primary/secondary identities within Citrix Workspace, we can better understand how Citrix Workspace integrates with Okta as an identity provider for a user’s primary identity. If our organization has standardized on Okta for identity, why would … Continue reading Citrix Workspace Authentication: Okta

Citrix Workspace Authentication: Overview


One of the major issues with the current state of the end user computing environment is the number of identities a user is required to remember.  Almost every service or application a user subscribes to requires the user create a new identity and password. With so many identities, almost all of us use the same identity/password combination to simplify our life. But relying on passwords is not the best approach. Certain applications and services will allow us to integrate some type of multi-factor authentication, but we now end up with multiple identities, multiple authentication approaches with each service using a … Continue reading Citrix Workspace Authentication: Overview

Citrix Workspace Authentication: Citrix Gateway


One of the challenges with using cloud services is getting the same experience you had in an on-premises deployment. For the past 20+ years, many Citrix Virtual Apps and Desktop deployments utilized a Citrix Gateway to provide an ICA proxy through the firewall. For external users, Gateway also authenticated those users. Over the years, admins determined the authentication schema for their organization, most likely incorporating additional factors beyond passwords, like TOTP, certificates, RADIUS, nFactor, etc. Fast forward to 2019 and we now need to figure out how to use Citrix Workspace without impacting our secure authentication profile. Currently in tech … Continue reading Citrix Workspace Authentication: Citrix Gateway

Authentication: TOTP


Let’s make one thing perfectly clear… TOTP ≠ OTP. OTP = One-Time Password. TOTP = Time-based One-Time Password. As discussed in the Two-Step Verification post, OTP sends the one-time password to the user’s mobile phone via SMS or to the user’s email address. TOTP, on the other hand, uses a local app on the mobile device to generate a pass-code. If we look at the factors for an app using a password and TOTP code, we see that it is something you know and something you have. When a user registers a mobile device, they receive a key (either as … Continue reading Authentication: TOTP