AuthX integrates with your on-premises Citrix Xenapp using Citrix FastConnect to add two-factor authentication and auto launch the Citrix applications during Windows logins.
System Requirements
AuthX Authentication for Windows Logon supports both client and server operating systems.
Clients:
-
Windows 10 & above.
Servers:
-
Citrix Xenapp Server 10.15 & above.
AuthX Factor Support
AuthX for Citrix FastConnect support these factor types for 2FA:
-
RFID
Steps to Protect an Application
Before moving on to the deployment process, it’s a good idea to familiarize yourself with AuthX portal concept and features like Managing Applications, Enrolling AuthX users and AuthX policy settings.
Manage Applications
-
Sign up for an AuthX account.
-
Navigate to Applications tab.
-
Click Protect an application and select Protect for Windows.
-
Provide your inputs on the Application Name, Description, Policies & Groups
-
For the Advanced configuration
-
Select Allow roaming profile for biometrics
-
In the Advanced configuration, add this code.
{"companyConfiguration":{"region":"","timezone":"Eastern Standard Time","companyLogo":"","companyIcon":"","companyAuthfactors":{"mobileOptions":{"isPalmPush":true,"isFacePush":true,"isPush":true,"isTotp":true,"isSMS":true,"isCall":true},"nativeOptions":{"isFace":true,"isFinger":true,"isRfid":true,"isPalm":true,"isPassword":true,"isHardwareToken":true,"isSoftwareToken":true}}},"biometricConfiguration":{"finger":{"delay":2,"DeviceType":"6","MatchScore":3000,"SpoofScore":500,"QualityScore":40,"RetryCount":2,"TemplateType":"1","TimeOut":"20"},"face":{"Sharpness":{"min":0,"max":10000,"IsConfigured":false},"Brightness":{"min":-7000,"max":5000,"IsConfigured":false},"Contrast":{"min":-5000,"max":5000,"IsConfigured":false},"UniqueIntensityLevels":{"min":0,"max":10000,"IsConfigured":false},"Shadow":{"min":-700,"max":10000,"IsConfigured":false},"NoseShadow":{"min":-80,"max":10000,"IsConfigured":false},"Specularity":{"min":-700,"max":10000,"IsConfigured":false},"EyeGaze":{"min":-400,"max":10000,"IsConfigured":false},"EyeStatusR":{"min":-400,"max":10000,"IsConfigured":false},"EyeStatusL":{"min":-400,"max":10000,"IsConfigured":false},"GlassStatus":{"min":-8000,"max":5000,"IsConfigured":false},"HeavyFrame":{"min":-10000,"max":300,"IsConfigured":false},"MouthStatus":{"min":0,"max":10000,"IsConfigured":false},"BackgroundUniformity":{"min":-5000,"max":10000,"IsConfigured":false},"RedEyeR":{"min":-10000,"max":0,"IsConfigured":false},"RedEyeL":{"min":-10000,"max":0,"IsConfigured":false},"Roll":{"min":-5000,"max":5000,"IsConfigured":false},"Yaw":{"min":-5500,"max":5500,"IsConfigured":false},"Pitch":{"min":-5500,"max":10000,"IsConfigured":false},"EyeDistance":{"min":50,"max":250,"IsConfigured":false},"FaceConfidence":{"min":600,"max":10000,"IsConfigured":true},"FaceVerificationConfidence":{"min":9000,"max":10000,"IsConfigured":false},"faceErrors":{"Sharpness":null,"MaxBrightness":null,"MinBrightness":null,"MaxContrast":null,"MinContrast":null,"Shadow":null,"NoseShadow":null,"Specularity":null,"EywGaze":null,"EyeStatusR":null,"EyeStatusL":null,"GlassStatus":null,"HeavyFrame":null,"MouthStatus":null,"BackgroundUniformity":null,"RedEyeR":null,"RedEyeL":null,"Roll":null,"Yaw":null,"Pitch":null,"MaxEyeDistance":null,"MinEyeDistance":null,"FaceConfidence":null,"FaceVerificationConfidence":null},"MatchScore":75,"CompanyId":null},"palm":null},"applicationConfiguration":{"applicationName":"WindowsLogon","applicationType":"2","advancedConfiguration":[{"login_options_tile_view":"0","user_self_support":false,"username_display_on_screen":true,"password_authentication":2,"password_authentication_expiry":12,"default_auth_code":"Password","exclude_user_group":null,"login_as":"","work_group":null,"user_group":null,"rfid_only":false,"tap_to_logoff":false,"logoff_action":"","Application_start":[],"inactivity_period":86400,"session_end_action":1,"kill_app_process":false,"kill_background_process":false,"kill_application_exclude":[],"kill_application_explicit":[],"help_desk_information":"","authenticate_user_for_enrollment":true}]},"applicationPolicy":{"policyName":"Default Global Policy","adDomain":"","emailDomain":"","ip":null,"policyAuthfactors":{"isface":true,"isPalmPush":true,"isPalm":true,"isFacePush":true,"isPush":true,"istotp":true,"issms":true,"isCall":true,"isFinger":true,"isRfid":true,"isPassword":true,"isHardwareToken":true,"isSoftwareToken":true,"isBle":false}},"authSystemConfig":{"Status":1,"MachineName":"JANA-LAP","IsAutoLogon":false,"PcIdentifier":"8eac3e00e230c8cc973f3febd15cd9dc4f40d35dc14d6b6d3d1fb2cb879e1758"},"message":null,"code":1,"isActive":false,"dateTime":"2020-07-13T14:06:23.4252338Z","version":0}
-
-
-
-
Save the application.
Enroll a user
Add your first user to AuthX, either manually or using Directory sync. The username should match your Windows logon name. Install AuthX mobile app and add your account to it so you can use AuthX Push. If the user logging in Windows which does not exist in AuthX, the user may not be able to log in.
Policy Management
-
Utilize the available default policy or create your own policy to restrict on the following
-
Authentication
-
Browsers – Desktop & Mobile
-
Operating System
-
IP address
-
Citrix Receiver Configuration
-
If required, please make sure to connect VPN
-
Download and install Citrix Receiver https://www.citrix.com/en-in/downloads/citrix-receiver/windows/receiver-for-windows-latest.html
-
Select Add Account.
-
Add your Citrix server details here
-
Enter your Windows logon details on the Citrix Receiver
-
Username – Windows logon name with domain
-
Password – Windows logon password
-
-
On successful login, Citrix Receiver will be launched.
-
Select anyone of the application from above & it will open up.
Enable Citrix application
-
Download and Install AuthX Windows agent from here
-
Go to Local Disc C folder
-
Select Program Files
-
Select AuthX and select AuthX Windows Agent
-
Select CitrixConfigUtil folder, right click and select Run as Administrator
-
Now the Citrix application config utility popup opens up.
-
Select Enable Citrix Signle Sign-on and save it
-
Now the Windows Console opens up
-
After the policy is updated, the windows console popup closed automatically.
-
Go to Citrix application config utility and input your details
-
Username – Windows logon name
-
-
Select Load and then select New
-
In the Application details, input your values
-
ID: 1 (Any number)
-
Name: To mention the name of the application listed in the Citrix Receiver
-
If you want the application to launch automatically after logon, you can select Auto-Start
-
Select Save which is next to Auto- start.
-
Select Assign
-
-
Now the above selected application will be assigned to Windows Logon user
Internet Explorer Configuration
-
Open the IE browser
-
Select Tools
-
Select Internet options and navigate to Security tab
-
Select Local Intranet
-
Select Sites
-
Select Advanced
-
Add the Citrix website https://az-east-citrix.certify.org in Add this website to the zone and click Add button
-
Select Close
-
Select OK & close the popup
-
-
Verifying Citrix Configuration
-
Restart your system
-
Go to System Tray and right click on the Citrix Receiver icon
-
Select Advanced Preferences
-
Select Configuration Checker
-
Enable SSON Checker & select Run
-
Now you can see the results
Enroll RFID in AuthX Windows Agent
-
Go to System tray
-
Right click on the AuthX Windows Agent and select User Configuration
-
Make sure that your Profile details are in Sync
-
Select Authentication to enroll your RFID
-
Connect your RFID reader & then select Enroll
-
Place your RFID card in the reader
-
Authentication successful
-
Test Citrix application auto launch
-
Now lock you system.
-
Try to unlock using enrolled RFID card.
-
After successful logon, the selected application will be launched automatically.
Network Diagram