Citrix Workspace Authentication: Overview


One of the major issues with the current state of the end user computing environment is the number of identities a user is required to remember.  Almost every service or application a user subscribes to requires the user create a new identity and password. With so many identities, almost all of us use the same identity/password combination to simplify our life. But relying on passwords is not the best approach. Certain applications and services will allow us to integrate some type of multi-factor authentication, but we now end up with multiple identities, multiple authentication approaches with each service using a … Continue reading Citrix Workspace Authentication: Overview

Access Control for StoreFront – Demo


I recently talked about how you can add SaaS and web applications to an on-premises StoreFront deployment.  The integration goes beyond simply publishing links to the SaaS and web apps.  The integration utilizes the Citrix Access Control service, providing SSO to SaaS No more passwords. No more access after employees have left the company. Enhanced security for SaaS apps No more printing, downloading, copying data locally URL filtering within SaaS apps No more blind faith that my users understand security implications of selecting a link The following demonstrates the user and admin experience for enabling this functionality. Continue reading Access Control for StoreFront – Demo

SaaS and Web Apps in StoreFront


In a Citrix Virtual Apps and Desktops deployment, many organizations use StoreFront to provide access to Windows and Linux applications and desktops.  A lesser know feature, published content, can let StoreFront publish links to SaaS and web applications in an attempt to bring all resources together into a single view. (I see the differences between SaaS and web apps as follows: SaaS apps are browser-based applications hosted by a 3rd party while a web app is a browser-based app hosted within the internal datacenter).  Unfortunately, SaaS/Web apps introduces some interesting challenges for users: SSO – Users must remember the username … Continue reading SaaS and Web Apps in StoreFront

x.509 Certificate Rejected for SaaS SSO


I’m trying to setup single sign-on to a new SaaS app with Citrix Access Control and ran into a strange issue. The SaaS app is rejecting my x.509 certificate because it is incorrect. Let’s look at this a little closer. When you create a new SSO configuration for a SaaS app in Citrix Access Control, there is a link on the right-side of the page that includes your metadata, which is specific to your workspace. Selecting that link, gives you all of this information In many cases, you can simply copy the information in the X509Certificate section and paste that … Continue reading x.509 Certificate Rejected for SaaS SSO

Website Rendering Issues


I ran into an interesting issue with the URL filtering aspect of Citrix Access Control service for SaaS apps.  I’m trying to do the following: Block categories Malware and SPAM Peer-toper/Torrents Adult Gambling Illegal/Harmful Redirect categories Social networking Allowed websites *.twitter.com Unfortunately, when I access Twitter.com from my SaaS app with enhanced security enabled, I get this: I’m pretty sure this isn’t what the website is supposed to look like.  In fact, my first reaction is “DANG CITRIX!!!” But, it isn’t Citrix fault and let me show you why. Launch Chrome browser Navigate to Twitter.com In the Customize and Control … Continue reading Website Rendering Issues

Access Control


Things I’ve heard (Unfortunately, these are true) I have a hundred or more passwords (I think most of us are in that boat) I still have access to my former employer’s web apps even though I left over a year ago. Let me show you. (Wow, but I’ve seen similar things) I hear layoffs are coming, I’m downloading as much as I can, just in case (please don’t tell me that) Everything in my SaaS app is safe for me to access (speechless) There are ways to fix these problems with our growing, distributed end user computing environment: SSO to … Continue reading Access Control

URL Filtering Decision Flow


When we look at providing enhanced security to SaaS apps with the Citrix Access Control service, I focused on three aspects: SSO to SaaS and web apps Enhanced security for SaaS and web apps URL filtering within SaaS and web apps As we’ve seen with URL filtering, we can allow, deny or redirect specific websites or website categories (adult, malware, peer-to-peer, social media, news, etc). But, how would I configure URL filtering where I want to do the following: Deny access to all social media sites EXCEPT Twitter The deny portion is easy if we use the social media category, … Continue reading URL Filtering Decision Flow