Configuring Citrix SSO on Citrix Gateway for Citrix Endpoint Management

Configuring Citrix SSO on Citrix Gateway for Citrix Endpoint Management

book

Article ID: CTX335295

calendar_today

Updated On:

Description

Configuring Citrix SSO on Citrix Gateway for Citrix Endpoint Management
For details on how to configure Citrix SSO device policies to achieve per app VPN, please check the below document
https://docs.citrix.com/en-us/citrix-endpoint-management/policies/vpn-policy.html

This support article covers the session policy configuration on Citrix Gateway for a Full Device VPN with Citrix SSO

Beyond normal production use, Citrix SSO is a useful troubleshooting to determine if an issue is localised to a custom MAM app, MDX app or apps like SecureWeb from an Endpoint Management perspective or a networking issue.


 


Instructions

1. Create Citrix SSO Session Policy

Located under Citrix Gateway -> Policies -> Citrix Gateway Session Policies and Profiles -> Session Policies     
         

Use the below Session Policy Expression to capture both the iOS and Android version of Citrix SSO

HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver/NSGiOSplugin") || HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver/CitrixVPN")

image.png

Note: The above uses Advanced Expressions – use Classic expression option and Expression Editor if Classic format is needed.

2. Create Session Profile

Click on “Add” to create the Session Profile for Citrix SSO.

Citrix SSO Session Profile
  • “Clientless Access” set to Off
  • Ensure that “Windows/Mac OS X” is selected from the plug-in Type list.
  • Select the “Single Sign-on to Web Applications” option if desired.
image.png
“Default Authorization Action” set to “ALLOW”

image.png

Under “Published Applications” set “ICA Proxy” to “OFF”
Graphical user interface, application, Teams  Description automatically generated
Proceed to bind the Session Policy onto the Citrix Gateway Virtual Server for Endpoint Management

Graphical user interface, text, application, email  Description automatically generated
  • Download Citrix SSO onto the mobile device of your choosing.
  • Log using the Citrix Gateway MAM address using known credentials to connect the VPN.
  • Citrix SSO should show with status connected 
  • Test in Safari or other app to confirm connection to backend resource.
 
  • Note this guide covers Device VPN, not Per App VPN -
  • Recommend to test Device VPN before placing Per App VPN to confirm VPN connection functions.

Additional Information

https://docs.citrix.com/en-us/citrix-endpoint-management/policies/vpn-policy.html
https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/configure-full-vpn-setup.html