Windows autologon
The Windows autologon functionality enables Citrix Secure Access client to establish a tunnel with NetScaler automatically once the user logs in to the Windows machine. The authentication methods that support the Windows autologon functionality are LDAP and Kerberos.
Configure Windows autologon by using the CLI
You can configure Windows autologon by using the following CLI command:
set vpn parameter -windowsAutoLogon ON
Autologon with Kerberos authentication
Starting from Citrix Secure Access client for Windows versions 23.10.1.7 and later, you can use the Kerberos authentication method for autologon.
With this authentication method, the back-end Kerberos SSO works seamlessly without the admin having to push any additional back-end URL configurations to the client machines. Also, the Gateway URL gets automatically added in the Internet Properties > Trusted Sites section on the client machines.
Pre-requisites
-
Admin configurations: If Kerberos authentication is configured on NetScaler with
windowsAutoLogonset to ON, the Kerberos authentication method is automatically enabled with NetScaler. For details, see Configuring Kerberos authentication on the NetScaler appliance.Admins must also configure Kerberos authentication on their client machines. For details, see Configure Kerberos authentication on a client.
-
End-user configurations: End-users must have Microsoft Edge WebView enabled on the Citrix Secure Access client. For details, see Microsoft Edge WebView support for Windows Citrix Secure Access.
Configure Kerberos authentication with Citrix Secure Access client
To configure Kerberos authentication with Citrix Secure Access client, admins must set the EnableKerberosAuth VPN client registry key. For details about the VPN registry key, see NetScaler Gateway Windows VPN client registry keys.