This article describes how to configure Single Sign-on authentication to XenApp/XenDesktop using Internet Explorer. After configuring Single Sign-on, users will be able to connect to their Storefront published applications and launch XenApp/XenDesktop sessions without having to enter their credentials multiple times.

This will also work if Storefront is being Load Balanced on the NetScaler, however it won't work for NetScaler Gateway since the NetScaler will require the credentials to be entered at least once to be able to communicate with the backend servers. 

Note: This is only supported with Internet Explorer at the moment.

---

Instructions

There are a few settings that need to be changed on both Storefront and Internet Explorer to allow SSO.

On Storefront

Enable Pass-through authentication to Receiver for Web as follows:

1. On the Right hand side, under the desired store, select Manage Receiver for Web Sites 
2. Choose the desired website and click on Configure to modify existing settings.
3. Select Authentication Methods and place a checkmark on the Domain pass-through option. 
4. Click on Apply and OK to close the window.

On the Internet Explorer Browser

Add the Storefront FQDN with its http/https protocol to the Trusted sites as follows:

1. Open up your Internet Explorer browser and go to Tools > Internet Options. Then go to Security > Trusted Sites > Sites.
2. Add your Storefront base URL (FQDN) including its protocol (http or https). If you're using Load Balancing on the NetScaler, this FQDN should resolve to the Load Balancing Virtual IP. Close the Trusted Sites window.
3. Click on Custom Level... and locate the User Authentication option. Select Automatic Logon with current user name and password. Click on OK.
4. Click on OK to exit out of the Internet Options window.

Note: This setting can be enforced using Group Policies as well. Please check Microsoft documentation on Managing Browser Settings with Group Policy Tools for instructions on how to do this.

In addition to these settings, you have to install and configure Receiver for Windows for a seamless sign-on experience.

The instructions to accomplish this can be found on the following article: 

How to Manually Install and Configure Citrix Receiver for Pass-Through Authentication - https://support.citrix.com/article/CTX133982

 

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

For more information, please refer to the original blog post by Feng Huang - https://www.citrix.com/blogs/2014/03/27/pass-through-authentication-in-citrix-receiver-for-web/

How to Manually Install and Configure Citrix Receiver for Pass-Through Authentication - https://support.citrix.com/article/CTX133982