Citrix Workspace Authentication: Okta


None of us likes starting over. So if we don’t have to, why would we? Unfortunately, with technology, many of us are forced to to follow a single path. That single path often requires us to start over. But this is one of the interesting things about Citrix Workspace and the user’s primary identity… Don’t start over – Simply integrate. With an overall understanding on primary/secondary identities within Citrix Workspace, we can better understand how Citrix Workspace integrates with Okta as an identity provider for a user’s primary identity.  If our organization has standardized on Okta for identity, why would … Continue reading Citrix Workspace Authentication: Okta

Access Control for StoreFront – Demo


I recently talked about how you can add SaaS and web applications to an on-premises StoreFront deployment.  The integration goes beyond simply publishing links to the SaaS and web apps.  The integration utilizes the Citrix Access Control service, providing SSO to SaaS No more passwords. No more access after employees have left the company. Enhanced security for SaaS apps No more printing, downloading, copying data locally URL filtering within SaaS apps No more blind faith that my users understand security implications of selecting a link The following demonstrates the user and admin experience for enabling this functionality. Continue reading Access Control for StoreFront – Demo

SaaS and Web Apps in StoreFront


In a Citrix Virtual Apps and Desktops deployment, many organizations use StoreFront to provide access to Windows and Linux applications and desktops.  A lesser know feature, published content, can let StoreFront publish links to SaaS and web applications in an attempt to bring all resources together into a single view. (I see the differences between SaaS and web apps as follows: SaaS apps are browser-based applications hosted by a 3rd party while a web app is a browser-based app hosted within the internal datacenter).  Unfortunately, SaaS/Web apps introduces some interesting challenges for users: SSO – Users must remember the username … Continue reading SaaS and Web Apps in StoreFront

x.509 Certificate Rejected for SaaS SSO


I’m trying to setup single sign-on to a new SaaS app with Citrix Access Control and ran into a strange issue. The SaaS app is rejecting my x.509 certificate because it is incorrect. Let’s look at this a little closer. When you create a new SSO configuration for a SaaS app in Citrix Access Control, there is a link on the right-side of the page that includes your metadata, which is specific to your workspace. Selecting that link, gives you all of this information In many cases, you can simply copy the information in the X509Certificate section and paste that … Continue reading x.509 Certificate Rejected for SaaS SSO

Access Control


Things I’ve heard (Unfortunately, these are true) I have a hundred or more passwords (I think most of us are in that boat) I still have access to my former employer’s web apps even though I left over a year ago. Let me show you. (Wow, but I’ve seen similar things) I hear layoffs are coming, I’m downloading as much as I can, just in case (please don’t tell me that) Everything in my SaaS app is safe for me to access (speechless) There are ways to fix these problems with our growing, distributed end user computing environment: SSO to … Continue reading Access Control

Enhanced SaaS Security


A SaaS app exists in the cloud, which basically means the organization’s IT and Security teams have no control over what users can capture, save, print and distribute. In the SaaS world, the approach is often “be on your best behavior”. This is similar to all of the self-service check-out lines we now have at grocery stores and home improvement stores. Either intentionally or by accident, it is extremely easy to take something that you didn’t pay for. In both cases, what’s the cost to the business? If we are talking about groceries, the cost is probably small. But what … Continue reading Enhanced SaaS Security