Configuring Citrix SSO on Citrix Gateway for Citrix Endpoint Management

book

Article ID: CTX335295

calendar_today

Updated On:

Description

Configuring Citrix SSO on Citrix Gateway for Citrix Endpoint Management
For details on how to configure Citrix SSO device policies to achieve per app VPN, please check the below document
https://docs.citrix.com/en-us/citrix-endpoint-management/policies/vpn-policy.html

This support article covers the session policy configuration on Citrix Gateway for a Full Device VPN with Citrix SSO

Beyond normal production use, Citrix SSO is a useful troubleshooting to determine if an issue is localised to a custom MAM app, MDX app or apps like SecureWeb from an Endpoint Management perspective or a networking issue.

Instructions

1. Create Citrix SSO Session Policy

Located under Citrix Gateway -> Policies -> Citrix Gateway Session Policies and Profiles -> Session Policies

Use the below Session Policy Expression to capture both the iOS and Android version of Citrix SSO

HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver/NSGiOSplugin") || HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver/CitrixVPN")

Note: The above uses Advanced Expressions – use Classic expression option and Expression Editor if Classic format is needed.

2. Create Session Profile
Click on “Add” to create the Session Profile for Citrix SSO.

Citrix SSO Session Profile

“Clientless Access” set to Off
Ensure that “Windows/Mac OS X” is selected from the plug-in Type list.
Select the “Single Sign-on to Web Applications” option if desired.

“Default Authorization Action” set to “ALLOW”

Under “Published Applications” set “ICA Proxy” to “OFF”

Graphical user interface, application, Teams Description automatically generated

Proceed to bind the Session Policy onto the Citrix Gateway Virtual Server for Endpoint Management

Graphical user interface, text, application, email Description automatically generated

Graphical user interface, text, application, email Description automatically generated

Download Citrix SSO onto the mobile device of your choosing.
Log using the Citrix Gateway MAM address using known credentials to connect the VPN.
Citrix SSO should show with status connected
Test in Safari or other app to confirm connection to backend resource.

Note this guide covers Device VPN, not Per App VPN -
Recommend to test Device VPN before placing Per App VPN to confirm VPN connection functions.

Additional Information

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/vpn-policy.html
https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/configure-full-vpn-setup.html

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"