Citrix Single Sign On step by step implementation guide

This article explains the steps to run and configure Citrix Single Sign on (Password manager) component in the XenApp environment. Please check the update at the end of the article.

Make sure that you have XenApp Platinum licenses before implementing Citrix SSO.

These steps need to be performed on the XenApp server which is going to host Single Sign component and plugin. I typically install SSO component on Citrix Zone data collector (Most preferred).

·         Login to the server on which you would like to install the SSO component with the account which is part of the Schema Administrators group and Domain Administrators group

·         Make sure that Active Directory Schema master is set to allow updates as SSO requires schema extension as I am selecting Active Directory as the central store

·         Open the Command prompt with elevated rights (Run As administrator)

·         Then go to C:\ and run “ServerManagerCmd -i RSAT-ADDS” from the command prompt

·         Reboot the server

·         Then open the command prompt with administrative rights and execute and navigate to password manager tools folder.

C:\Install\XenApp install media\Support\Password_Manager\Tools (This is the path/ location for ctxschemaprep and ctxdomainprep

·         Execute “CtxSchemaPrep” from the command prompt

·         Execute “CtxDomainPrep” from command prompt

·         After extending the Active directory, open Citrix AppCentre and select “configure and run discovery” with right-click on “Citrix AppCenter” as per the following screenshot

·          Then follow the discovery wizard as per following screens

·          In identify Central Store screen, select “Any Writable Domain Controller” if you don’t have any preference in Active Directory Servers and click next

·          I have selected Single Sign-on encryption method as “Advanced Encryption Standard (AES)” method which is recommended by Citrix. When you go to the next screen, the encryption method cannot be changed.

·          Since I am not enabling Data Integrity, I left Data integrity option unchecked in the following screen

·         Once run and discovery wizard finished, make sure that you can see various Single Sign On options available as per below screen.

After this, you need to create Application definition, password policy and user configurations to configure individual applications in Citrix password manager environment.

UPDATE : Please note that Citrix SSO EOM (End of Maintenance) is 24-Aug-15 and EOL (End of Life) is 24-Feb-16 and SSO doesn’t work with Windows 8 or Windows server 2012. XenApp 6.5 is the last product version which includes Citrix Single Sign On. Citrix officially recommends to use their partner solution i.e.  Imprivata Single Sign On and its architecture is similar to Citrix SSO.

Imprivata is Citrix Ready partner.

I heard that there is other alternative to Imprivata Single Sign On for Citrix, i.e. Caradigm SSO. I don’t have much details about this. Please share your comments if you have more information about these products.

Please share on social media if you found this post helpful. If you have a comment or question, please post and add your voice to the conversation.