Gateway

Current Release 13.1 13.0 12.1

Citrix Gateway release notes
About Citrix Gateway
Common Citrix Gateway deployments
Client software requirements
Citrix Gateway compatibility with Citrix products
Citrix Gateway licensing
- Install a license on Citrix Gateway
- Citrix Gateway licensing FAQs
Before Getting Started
Pre-installation checklist
Install and configure the Citrix Gateway appliance
- Configure the Citrix Gateway appliance by using wizards
- Configure Citrix Gateway settings
- Configure the host name and FQDN on Citrix Gateway
- Policies and profiles on Citrix Gateway
- System expressions on Citrix Gateway
- Certificates management on Citrix Gateway
- Manage Citrix Gateway configuration settings
- Certificates management on Citrix Gateway
- Test your Citrix Gateway configuration
Upgrade the Citrix Gateway software
Deploy Citrix Gateway in a double-hop DMZ
- Communication flow in a double-hop DMZ deployment
- Install and configuring Citrix Gateway in a double-hop DMZ
Maintain and monitor Citrix Gateway systems
- Configuring Delegated Administrators
  - Configuring Command Policies for Delegated Administrators
  - Configuring Custom Command Policies for Delegated Administrators
- Configuring Auditing on Citrix Gateway
  - Configuring Logs on Citrix Gateway
  - Configuring ACL Logging
- Enabling Citrix Gateway plug-in Logging
- To monitor ICA connections
Authentication and Authorization
- Configuring Default Global Authentication Types
- Configuring Authentication Without Authorization
- Configuring Authorization
  - Configuring Authorization Policies
  - Setting Default Global Authorization
- Disabling Authentication
- Configuring Authentication for Specific Times
- How Authentication Policies Work
  - Configuring Authentication Profiles
  - Binding Authentication Policies
  - Setting Priorities for Authentication Policies
- Configuring Local Users
- Configuring Groups
  - Adding Users to Groups
  - Configuring Policies with Groups
- Configuring LDAP Authentication
  - To configure LDAP authentication by using the configuration utility
  - Determining Attributes in Your LDAP Directory
  - Configuring LDAP Group Extraction
  - Configuring LDAP Group Extraction for Multiple Domains
  - 14-day password expiry notification for LDAP authentication
- Configuring Client Certificate Authentication
  - Configuring and Binding a Client Certificate Authentication Policy
  - Configuring two-factor Client Certificate Authentication
  - Configuring Smart Card Authentication
- Configuring RADIUS Authentication
  - To configure RADIUS authentication
  - Choosing RADIUS Authentication Protocols
  - Configuring IP Address Extraction
  - Configuring RADIUS Group Extraction
  - Configuring RADIUS user accounting
- Configuring SAML Authentication
  - Configure SAML authentication
  - Using SAML authentication to log in to Citrix Gateway
  - Improvements in SAML Authentication
- Configuring TACACS+ Authentication
  - Clear Config Basic Must Not Clear TACACS Config
- Configuring Multifactor Authentication
  - Configuring Cascading Authentication
  - Configuring Two-Factor Authentication
- Native OTP Support for Authentication
- Push notification for OTP
- Configuring single sign-on
  - Configuring single sign-on with Windows
  - Configuring single sign-on to Web Applications
  - Configuring single sign-on to a Domain
  - Configuring single sign-on for Microsoft Exchange 2010
- Configuring One-Time Password Use
  - Configuring RSA SecurID Authentication
  - Configuring Password Return with RADIUS
  - Configuring SafeWord Authentication
  - Configuring Gemalto Protiva Authentication
- nFactor for Citrix Gateway Authentication
- Citrix Gateway Visualizer
- Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile Devices
- Restrict access to Citrix Gateway for members of one Active Directory group
High Availability deployment
- How High Availability Works
- Configuring Settings for High Availability
  - Creating or Changing an RPC Node Password
  - Configuring the Primary and Secondary Appliances for High Availability
- Configuring Communication Intervals
- Synchronizing Citrix Gateway Appliances
- Synchronizing Configuration Files in a High Availability Setup
- Configuring Command Propagation
  - Troubleshooting Command Propagation
- Configuring Fail-Safe Mode
- Configuring the Virtual MAC Address
  - Configuring IPv4 Virtual MAC Addresses
  - Configuring IPv6 virtual MAC addresses
- Configuring High Availability Pairs in Different Subnets
  - Adding a Remote Node
- Configuring Route Monitors
  - Adding or Removing Route Monitors
- Configuring Link Redundancy
- Understanding the Causes of Failover
- Forcing Failover from a Node
Citrix Gateway deployment in cluster configurations
- Configuring Clustering
Unified Gateway
- Citrix Gateway FAQ
VPN configuration on a Citrix Gateway appliance
- How users connect with the Citrix Gateway plug-in
- Full VPN setup on a Citrix Gateway appliance
- Select the user access method
- Deploy Citrix Gateway plug-ins for user access
- Select the Citrix Gateway plug-in for users
  - Deploy the Citrix Gateway plug-in from Active Directory
  - Manage Citrix Gateway plug-in by using Active Directory
- Integrate the Citrix Gateway plug-in with Citrix Workspace app
  - How users connect with Citrix Workspace app
  - Decouple the Citrix Workspace app icon
  - Configure IPv6 for ICA connections
  - Configure the Citrix Workspace app home page on Citrix Gateway
  - Apply the Citrix Workspace app theme to the Citrix Gateway logon page
  - Create a custom theme for the Citrix Gateway logon page
- Citrix Gateway VPN client registry keys
- Enforce the HttpOnly flag on authentication cookies
- Customize the user portal for VPN users
  - Prompt users to upgrade older or unsupported browsers by creating a custom page
- Clientless VPN access with Citrix Gateway
  - Advanced clientless VPN access with Citrix Gateway
  - Configure domain access for users
  - Clientless VPN access for SharePoint 2003, SharePoint 2007, and SharePoint 2013
  - Enable clientless access persistent cookies
  - Save user settings for clientless access through Web Interface
- Citrix SSO VPN client for mobile devices
- Configure the Client Choices page
- Configure access scenario fallback
- Configure connections for the Citrix Gateway plug-in
  - Configure the number of user sessions
  - Configure time-out settings
  - Connect to internal network resources
  - Configure split tunneling
  - Configure client interception
  - Configure name service resolution
  - Enable proxy support for user connections
  - Configure address pools
  - Support for VoIP phones
  - Configure application access for the Citrix Gateway plug-in for Java
  - Configure Access Interface
  - Create and apply web and file share links
- Traffic policies
- Session policies
  - Configure Citrix Gateway session policies for StoreFront
- Advanced policy support for Enterprise bookmarks
- Endpoint polices
  - Preauthentication policies and profiles
  - Post-authentication policies
  - Preauthentication device check expressions for user devices
  - Configure Device Certificate in nFactor as an EPA component
  - EPA as a factor in nFactor authentication
- Advanced Endpoint Analysis scans
  - Advanced Endpoint Analysis Policy Expression Reference
  - EPA scan for MAC addresses
- Manage user sessions
- Always On
- Always On VPN before Windows Logon
  - Configure Always On VPN before Windows Logon
Using Advance Policy to Create VPN Policies
Configure DTLS VPN virtual server using SSL VPN virtual server
Integrate Citrix Gateway with Citrix products
- How users connect to applications, desktops, and ShareFile
- Integrate Citrix Gateway with StoreFront
- Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
- Deploy Citrix Gateway with Citrix Endpoint Management, Citrix Virtual Apps, and Citrix Virtual Desktops
- Configure settings for your Citrix Endpoint Management Environment
Microsoft Intune Integration
- When to Use the Integrated Intune MDM Solution
- Understanding the Citrix Gateway Intune MDM Integration
- Configuring Network Access Control device check for Citrix Gateway virtual server for single factor authentication deployment
- Configuring a Citrix Gateway application on the Azure portal
- Understanding MSAL Token Authentication
- Configuring Citrix Gateway Virtual Server for MSAL Token Authentication
- Set up Citrix Gateway for using micro VPN with Microsoft Endpoint Manager
- Extended support for Azure AD Graph
HDX Enlightened Data Transport Support
- When to Use Enlightened Data Transport Support
- Configuring Citrix Gateway to Support Enlightened Data Transport and HDX Insight
- L7 Latency Thresholding
RDP Proxy
- Stateless RDP Proxy
- RDP connection redirection
- Populate RDP URLs based on LDAP attribute
- Randomize RDP file name with RDP proxy
- Configure names for RDP files
Outbound ICA Proxy support
- Configuring Outbound ICA Proxy
Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View
- Configuring Citrix Gateway Enabled PCoIP proxy for VMware Horizon View
- Configuring VMware Horizon View Connection Server
Proxy Auto Configuration for Outbound Proxy support for Citrix Gateway
Configuration support for SameSite cookie attribute
Optimize network traffic with Citrix SD-WAN WANOP
RfWebUI Persona on Citrix Gateway UX Configuration
- RfWebUI configuration parameters
Citrix Gateway portal customizations
- Citrix Gateway portal customization using custom plug-ins
- Create and customize login schema
- Portal customizations from the Admin UI
Optimizing Citrix Gateway VPN split tunnel for Office365
Type of Service Support for UDP traffic
Configuring Server Name Indication Extension
Validating the Server Certificate During an SSL Handshake
Simplified SaaS app configuration using a template
Access Citrix Virtual Apps and Desktops resources with the Web Interface
- Setting Up a Web Interface Site to Work
- Configuring Communication with the Web Interface
- Configuring Additional Web Interface Settings on Citrix Gateway
  - Configuring Web Interface Failover
  - Configuring Smart Card Access with the Web Interface
- Configuring Access to Applications and Virtual Desktops in the Web Interface
- Configuring SmartAccess
- Configuring SmartControl
- Configuring single sign-on to the Web Interface
- Allowing File Type Association
  - Creating a Web Interface Site
  - Configuring Citrix Gateway for File Type Association
Document History

View PDF

This content has been machine translated dynamically.

Give feedback here

Thank you for the feedback

NetScaler Gateway
Citrix Gateway 13.0

This content has been machine translated dynamically.

Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)

Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)

Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)

此内容已经过机器动态翻译。放弃

このコンテンツは動的に機械翻訳されています。免責事項

이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인

Este texto foi traduzido automaticamente. (Aviso legal)

Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))

This article has been machine translated.

Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)

Ce article a été traduit automatiquement. (Clause de non responsabilité)

Este artículo ha sido traducido automáticamente. (Aviso legal)

この記事は機械翻訳されています.免責事項

이 기사는 기계 번역되었습니다.책임 부인

Este artigo foi traduzido automaticamente.(Aviso legal)

这篇文章已经过机器翻译.放弃

Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))

Switch to english Auf Englisch anzeigen Lire en anglais Leer en inglés 英語に切り替え 영어로 전환 Mudar para ingles 切换到英文 Passa all'inglese

Translation failed!

Understanding MSAL Token Authentication

October 9, 2024

Contributed by:

Following is the flow of events in a typical Citrix Gateway-MSAL token authentication:

When an app is launched in iOS or Android, the app contacts Azure. The user is prompted to log on with user credentials. After a successful logon, the app gets an MSAL token.
This MSAL token is presented to a Citrix Gateway, which has been configured to validate the MSAL token.
Citrix Gateway validates the signature of the MSAL token with the corresponding certificate from Microsoft.
After a successful validation, Citrix Gateway extracts the User’s Principal Name (UPN) and grants the app VPN access to the internal resources.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

DIESER DIENST KANN ÜBERSETZUNGEN ENTHALTEN, DIE VON GOOGLE BEREITGESTELLT WERDEN. GOOGLE LEHNT JEDE AUSDRÜCKLICHE ODER STILLSCHWEIGENDE GEWÄHRLEISTUNG IN BEZUG AUF DIE ÜBERSETZUNGEN AB, EINSCHLIESSLICH JEGLICHER GEWÄHRLEISTUNG DER GENAUIGKEIT, ZUVERLÄSSIGKEIT UND JEGLICHER STILLSCHWEIGENDEN GEWÄHRLEISTUNG DER MARKTGÄNGIGKEIT, DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK UND DER NICHTVERLETZUNG VON RECHTEN DRITTER.

CE SERVICE PEUT CONTENIR DES TRADUCTIONS FOURNIES PAR GOOGLE. GOOGLE EXCLUT TOUTE GARANTIE RELATIVE AUX TRADUCTIONS, EXPRESSE OU IMPLICITE, Y COMPRIS TOUTE GARANTIE D'EXACTITUDE, DE FIABILITÉ ET TOUTE GARANTIE IMPLICITE DE QUALITÉ MARCHANDE, D'ADÉQUATION À UN USAGE PARTICULIER ET D'ABSENCE DE CONTREFAÇON.

ESTE SERVICIO PUEDE CONTENER TRADUCCIONES CON TECNOLOGÍA DE GOOGLE. GOOGLE RENUNCIA A TODAS LAS GARANTÍAS RELACIONADAS CON LAS TRADUCCIONES, TANTO IMPLÍCITAS COMO EXPLÍCITAS, INCLUIDAS LAS GARANTÍAS DE EXACTITUD, FIABILIDAD Y OTRAS GARANTÍAS IMPLÍCITAS DE COMERCIABILIDAD, IDONEIDAD PARA UN FIN EN PARTICULAR Y AUSENCIA DE INFRACCIÓN DE DERECHOS.

本服务可能包含由 Google 提供技术支持的翻译。Google 对这些翻译内容不做任何明示或暗示的保证，包括对准确性、可靠性的任何保证以及对适销性、特定用途的适用性和非侵权性的任何暗示保证。

このサービスには、Google が提供する翻訳が含まれている可能性があります。Google は翻訳について、明示的か黙示的かを問わず、精度と信頼性に関するあらゆる保証、および商品性、特定目的への適合性、第三者の権利を侵害しないことに関するあらゆる黙示的保証を含め、一切保証しません。

ESTE SERVIÇO PODE CONTER TRADUÇÕES FORNECIDAS PELO GOOGLE. O GOOGLE SE EXIME DE TODAS AS GARANTIAS RELACIONADAS COM AS TRADUÇÕES, EXPRESSAS OU IMPLÍCITAS, INCLUINDO QUALQUER GARANTIA DE PRECISÃO, CONFIABILIDADE E QUALQUER GARANTIA IMPLÍCITA DE COMERCIALIZAÇÃO, ADEQUAÇÃO A UM PROPÓSITO ESPECÍFICO E NÃO INFRAÇÃO.

Instructions for Contributors

This content has been machine translated dynamically.

Give feedback here

Thank you for the feedback

Understanding MSAL Token Authentication

October 9, 2024

Contributed by:

October 9, 2024

Contributed by:

Understanding MSAL Token Authentication

In this article