Citrix Single Sign On step by step implementation guide



This article explains the steps to run and configure Citrix Single Sign on (Password manager) component in the XenApp environment. Please check the update at the end of the article.

Make sure that you have XenApp Platinum licenses before implementing Citrix SSO.

These steps need to be performed on the XenApp server which is going to host Single Sign component and plugin. I typically install SSO component on Citrix Zone data collector (Most preferred).

·         Login to the server on which you would like to install the SSO component with the account which is part of the Schema Administrators group and Domain Administrators group

·         Make sure that Active Directory Schema master is set to allow updates as SSO requires schema extension as I am selecting Active Directory as the central store

·         Open the Command prompt with elevated rights (Run As administrator)

Citrix Single Sign on password manager
·         Then go to C:\ and run “ServerManagerCmd -i RSAT-ADDS” from the command prompt

Schema extension command

·         Reboot the server
·         Then open the command prompt with administrative rights and execute and navigate to password manager tools folder.

C:\Install\XenApp install media\Support\Password_Manager\Tools (This is the path/ location for ctxschemaprep and ctxdomainprep

·         Execute “CtxSchemaPrep” from the command prompt

Citrix SSO Schema extension

·         Execute “CtxDomainPrep” from command prompt

·         After extending the Active directory, open Citrix AppCentre and select “configure and run discovery” with right-click on “Citrix AppCenter” as per the following screenshot
·          Then follow the discovery wizard as per following screens




·          In identify Central Store screen, select “Any Writable Domain Controller” if you don’t have any preference in Active Directory Servers and click next

Citrix Single Sign on Central store configuration

·          I have selected Single Sign-on encryption method as “Advanced Encryption Standard (AES)” method which is recommended by Citrix. When you go to the next screen, the encryption method cannot be changed.


·          Since I am not enabling Data Integrity, I left Data integrity option unchecked in the following screen




·         Once run and discovery wizard finished, make sure that you can see various Single Sign On options available as per below screen.

After this, you need to create Application definition, password policy and user configurations to configure individual applications in Citrix password manager environment.



UPDATE : Please note that Citrix SSO EOM (End of Maintenance) is 24-Aug-15 and EOL (End of Life) is 24-Feb-16 and SSO doesn’t work with Windows 8 or Windows server 2012. XenApp 6.5 is the last product version which includes Citrix Single Sign On. Citrix officially recommends to use their partner solution i.e.  Imprivata Single Sign On and its architecture is similar to Citrix SSO.
Imprivata is Citrix Ready partner.

I heard that there is other alternative to Imprivata Single Sign On for Citrix, i.e. Caradigm SSO. I don’t have much details about this. Please share your comments if you have more information about these products.


Please share on social media if you found this post helpful. If you have a comment or question, please post and add your voice to the conversation.

5 comments:

  1. Note: If you're on 2008R2 the ability to extend the schema with the servermanagercmd has been removed. Use the following powershell commands to do the same thing:
    Open command prompt as administrator
    and then type the following commands pressing enter between each
    - powershell
    - Import-Module ServerManager
    - Add-WindowsFeature RSAT-ADDS
    - Install-WindowsFeature RSAT-ADDS
    - exit
    - exit

    ReplyDelete
  2. Thanks John for comments/ info.

    I remember executing my instructions on Win2k8 R2, but not 100% sure.

    Many thanks,

    ReplyDelete
  3. The instructions "As Is" worked for me Windows Server 2008 R2 - Thanks!!

    ReplyDelete
  4. Absolutely brilliant article,You have written it so nicely and precisely about single sign on solutions with step by step guide.Thanks for sharing this wonderful blog with us.Keep posting such stuff in future.

    ReplyDelete
  5. Good Informative blog!! I was browsing over internet for some information around single sign on when I happened to see your post.Though I'm very late to comment on this topic.you have exolained everything in step by step manner with images.Anyway thank you for sharing this blog with everyone.It was worth reading your blog!Hope to see more post like this from you in future.

    ReplyDelete