Gateway

Understanding MSAL Token Authentication

Following is the flow of events in a typical Citrix Gateway-MSAL token authentication:

  1.  When an app is launched in iOS or Android, the app contacts Azure. The user is prompted to log on with user credentials. After a successful logon, the app gets an MSAL token.

  2.  This MSAL token is presented to a Citrix Gateway, which has been configured to validate the MSAL token.

  3.  Citrix Gateway validates the signature of the MSAL token with the corresponding certificate from Microsoft.

  4.  After a successful validation, Citrix Gateway extracts the User’s Principal Name (UPN) and grants the app VPN access to the internal resources.

Understanding MSAL Token Authentication