Single Sign-on 4 - Citrix Virtual Apps


Single Sign-on 4.8
2015-03-15 04:30:46 UTC
© 2015 Citrix Systems, Inc. All rights reserved.

Contents

Single Sign-on 4.8
Single Sign-on Installation and Upgrade
Introducing Citrix Single Sign-on
Identifying the Four Key Components of Single Sign-on
Managing User and Administrative Data with the Central Store
Managing the User Experience with the Single Sign-on Component of the Delivery Services Console
Interacting with the User with the Single Sign-on Plug-in
Providing Additional Features with the Single Sign-on Service
New Features in Single Sign-on 4.8
Licensing Requirements
Single Sign-on in Disconnected Mode
Managing a Mixed License Type Environment
To employ available concurrent user licenses to be used offline
Single Sign-on System Software Requirements
Single Sign-on Software Requirements
Setting Security and Accounts Prior to Installing Single Sign-on Service
Accounts Required to Install and Use Single Sign-on
Installing the Java Runtime Environment
Planning Your Single Sign-on Environment
Identifying the Four Key Components of Single Sign-on
Central Store Types
Choosing an Active Directory Central Store
Choosing an NTFS Network Share
Using Account Association with Multiple Central Stores and User Account Credentials in a Multiple Domain Enterprise
Advantages of Using Account Association
Password Policies
Password Policy Considerations
Default Settings for the Default and Domain Password Policies
Types of Applications Supported by Single Sign-on
Collect Information About Each Application in Advance
Smart Cards
Requiring Identity Verification
Verifying User Identity by Using Security Questions (Question-Based Authentication)
Recovering or Unlocking User Credentials Automatically
Planning Your Single Sign-on Plug-in User Configurations
Enabling the Sharing of the Same Resources or Workstation Among Many Users (Hot Desktop)
Selecting Optional Single Sign-on Service Features
Enabling Service Modules: Key Management
Enabling Service Modules: Data Integrity
Enabling Service Modules: Provisioning
Enabling Service Modules: Self-Service
Enabling Service Modules: Credential Synchronization (Account Association)
Single Sign-on Plug-in Software Deployment Scenarios
Planning for Multiple Primary Authentication and User Credential Protection
Installing Single Sign-on
Installation Order
Single Sign-on Component Installation Configurations
To create a central store
Installing the Single Sign-on Console Component
Installing and Configuring the Service Modules
Installing and Configuring the Single Sign-on Plug-in
Installation Scenarios
To install the Single Sign-on plug-in on a local device
To configure the service for multidomain use
Upgrading Single Sign-on to version 4.8
Single Sign-on Administration
Enforcing Password Requirements
Creating Password Policies
Helping to Increase Password Strength and Security
Configuring Single Sign-on to Recognize Applications
Application Templates
How Single Sign-on Plug-in Identifies Applications and User Credential Management Events
Collect Information About Each Application in Advance
Application Definition Wizard Overview
Form Definition Wizard Overview
Defining Windows Type Application Definitions
Identifying Windows Forms with Advanced Matching
Windows Type Application Definitions
Window Identifier
Identification Extensions
Defining Action Sequences for Windows Forms Using the Action Editor
To define an action sequence
Action Descriptions
Considerations for Windows Type Definitions
Web Type Application Definitions
Gathering the Information Required for Web Application Definitions
Name Form
Identify Form
Define Form Actions
Defining Action Sequences for Web Forms Using the Action Editor
Configure Other Settings
Redirect to Windows Application Configuration
Advanced Settings Dialog Box for Web Applications
Terminal Emulator Type Application Definitions
Form Definition Process
Name Form
Identify Form
Set Field Detection Rules
Configure Other Settings
Advanced Settings for Terminal Emulator-Based Applications
Considerations for Terminal Emulator Type Definitions
Terminal Emulation Support
Mfrmlist.ini Field Definitions
Creating User Configurations
Default User Configuration Properties
To specify a domain controller for an existing user configuration
To create a user configuration
Choose Applications
Configure Plug-in Interaction
Advanced Settings
Configure Licensing
Select Data Protection Methods
Select Secondary Data Protection
Enable Self-Service Features
Locate Service Modules
Synchronizing Credentials by Using Account Association
Choosing and Configuring a Domain to Host the Credential Synchronization Module
To configure the credential synchronization features in the host domain
To manually synchronize application definitions among domains
To configure Account Association user settings in other domains
To configure Account Association in the plug-in software
To reset user data
To delete user data
To prompt users to reregister
To set a user configuration priority
Assigning a User Configuration to Different Users
Upgrading Existing User Configurations
User Authentication and Identity Verification
Overview of Identity Verification Methods
If Users Switch among Multiple Primary Authentication Methods
Managing Question-Based Authentication
Confirming User Identity Using Question-Based Authentication
Considerations
Question-Based Authentication Workflow
Designing Security Questions: Security Versus Usability
Managing Your Questions
To create new security questions
To set a default language
To add or edit text for existing questions
To add, remove, or change the order of the security questions in the questionnaire
To create a security question group
To edit a security question group
To select one or more question for key recovery
To enable security answer masking
To make your questionnaire backward compatible
To check for backward compatibility
Allowing Users to Reregister Answers to Their Security Questions
Allowing Users to Manage Their Primary Credentials with Account Self-Service
Overview of Self-Service
Using Automatic Key Management with Self-Service
Summary of Self-Service Implementation Tasks
To reset self-service user registration
User Experience
Using Provisioning to Automate Credential Entry
Summary of Provisioning Tasks
Generating a Credential Provisioning Template
Editing the Provisioning Template
The cpm-provision Tag
The user Tag
The add Command
The modify Command
The delete Command
The remove Command
The reset Command
The list-credentials Command
To process your provisioning template
Tuning Credential Provisioning Processing
Hot Desktop: A Shared Desktop Environment for Users
Summary of Hot Desktop Tasks
Hot Desktop Start Up and Shut Down Process Flow
Troubleshooting Hot Desktop User Startup
Creating a Hot Desktop Shared Account
Guidelines for the Hot Desktop Shared Account
Requirements for Applications Used with Hot Desktop
Controlling How Applications Behave for Hot Desktop Users
The Session.xml File
startup scripts
shutdown scripts
Launching Applications Using Session.xml
The Process.xml File
shellexecute processes
persistent processes
transient processes
User Configuration Settings for Hot Desktop
To install Hot Desktop
To uninstall Hot Desktop
To enable terminal services after you uninstall Hot Desktop
To enable multiple sessions
To view Hot Desktop profiles
To disable AutoAdminLogon Support
To change the Hot Desktop shared account password
To shut down a Hot Desktop workstation
Interacting with Other Citrix Products
Operations
Logging Single Sign-on Events
Mfrmlist.ini File
Single Sign-on Plug-in Does Not Submit Credentials
Supporting Terminal Emulators
To configure emulator support
Single Sign-on Plug-in Software Does not Start
Creating a New Signing Certificate
Signing, Unsigning, Re-signing, and Verifying Data
Signing Data (-s)
Re-signing Data (-r)
Unsigning Data (-u)
Verifying Data (-v)
Displaying Help (-h)
Enabling and Disabling the Data Integrity Service on Single Sign-on Plug-in Software
Removing Deleted Objects from Your Central Store
Moving Data to a Different Central Store
Migrating Data to a New Central Store
Exporting Application Definitions
To back up the service
To restore the service
Single sign-on 4.8 Settings Reference
User Configurations
Basic Plug-in Interaction
Plug-in User Interface
Client-Side Interaction
Synchronization
Account Association
Application Support
Hot Desktop
Licensing
Data Protection Methods
Secondary Data Protection
Self-Service Features
Key Management Module
Provisioning Module
Application Definitions
Application Forms
Application Icon
Advanced Detection
Password Expiration
Password Policies
Basic Password Rules
Alphabetic Character Rules
Numeric Character Rules
Special Characte

Citrix Single sign-on provides password security and single sign-on access to Windows, Web, and terminal emulator applications running in the Citrix environment as well as applications running on the desktop. Users authenticate once and Single sign-on does the rest, automatically logging on to password-protected information systems, enforcing .

File Size: 1MB