Citrix SSO for Mac OS X. User Guide

Contents

OVERVIEW
FEATURE COMPARISON BETWEEN CITRIX VPN AND CITRIX SSO
COMPATIBILITY WITH MDM PRODUCTS
CONFIGURE AN MDM MANAGED VPN PROFILE FOR CITRIX SSO
    Device level VPN Profiles
    Per-App VPN Profiles
KNOWN ISSUES
LIMITATIONS

Overview

The Citrix SSO app for Mac OS X provides the best-in-class application access and data protection solution offered by Citrix Gateway. You can now securely access business-critical applications, virtual desktops, and corporate data from anywhere at any time.

Citrix SSO is the next-generation VPN client for Citrix Gateway, built using Apple's Network Extension (NE) framework to create and manage VPN connections from Mac OS X devices. The NE framework from Apple is a modern library containing APIs that can be used to customize and extend the core networking features of Mac OS. Network Extension with support for SSL VPN is available on devices running MacOS 10.11+.

The Citrix SSO app replaces the legacy Citrix Gateway plug-in, which was based on Kernel Extensions (KE) that Apple is going to deprecate in the near future. The Citrix SSO app supports advanced features like Server Initiated Connections and DTLS.

The Citrix SSO app provides complete Mobile Device Management (MDM) support on both MacOS and iOS. With an MDM server, an admin can now remotely configure and manage device level VPN profiles and per-app VPN profiles.

The Citrix SSO app for Mac OS X can be installed from the Mac App Store.

Feature Comparison between Citrix VPN and Citrix SSO

The following table compares the availability of various features between Citrix VPN and Citrix SSO.

Feature                                               Citrix VPN               Citrix SSO
App distribution method                               Citrix Downloads page    App Store
Number of tunnelled connections                       128                      128
Access from browser
Access from native app
Split tunnel (OFF/ON/REVERSE)
Split DNS (LOCAL/REMOTE/BOTH)                         REMOTE                   REMOTE
Local LAN Access                                      Enable/Disable           Always enabled
Server Initiated Connections (SIC) support
Transfer login
Client side proxy
Classic/Opswat EPA support
Device certificate support
Session timeout support
Forced timeout support
Idle timeout support
IPV6
Network roaming (Switch between Wifi, Ethernet etc)
Intranet application support
DTLS support for UDP
EULA support
App + Receiver integration
Authentication - Local, LDAP, Radius
Client certificate authentication
TLS support (TLS1, TLS1.1 and TLS1.2)
Two factor authentication

Compatibility with MDM products

Citrix SSO for Mac OS X works with most MDM providers such as Citrix XenMobile, Microsoft Intune etc. It supports a feature called Network Access Control (NAC), with which MDM administrators can enforce end-user device compliance before connecting to Citrix Gateway. NAC on Citrix SSO requires an MDM server such as XenMobile or Intune and Citrix Gateway. For more on NAC, click here.

Configure an MDM managed VPN profile for Citrix SSO

The following section gives step-by-step instructions to configure both device-wide and per-app VPN profiles for Citrix SSO, using Citrix XenMobile as an example. Other MDM solutions can use this document as a reference when working with Citrix SSO.

Note: This section explains the configuration steps for a basic Device-wide and Per-App VPN profile. Additionally, you can configure On-Demand, Always-On, and Proxies by following the XenMobile documentation or Apple's MDM VPN payload configuration.

Device level VPN Profiles

Device level VPN profiles are used to set up a system-wide VPN. Traffic from all apps and services is tunneled to NetScaler Gateway based on the VPN policies (such as Full-tunnel, Split-tunnel, Reverse Split-tunnel etc.) defined in NetScaler.

Following are the steps to configure a device level VPN on Citrix XenMobile:

1. On the XenMobile MDM console, navigate to Configure > Device Policies > Add New Policy.
2. Select iOS and Mac OS on the left Policy Platform pane. Select VPN Policy on the right pane.
3. On the Policy Info page, type a valid Policy Name and Description and click Next.
4. On the Policy detail page for iOS, type a valid Connection Name and choose "Custom SSL" from the Connection Type dropdown control.
   Note: In the MDM VPN payload, Connection Name corresponds to the "UserDefinedName" key and "VPN Type" Key must be set to value "VPN".
5. In the Custom SSL identifier (reverse DNS format) text field, type "com.citrix.netscalergateway.ios.app". This is the bundle identifier for the Citrix SSO App on iOS.
   Note: In the MDM VPN payload, Custom SSL identifier corresponds to the "VPNSubType" key.
6. In the Provider bundle identifier text field, type "com.citrix.netscalergateway.ios.app.vpnplugin". This is the bundle identifier of the Network Extension contained in the Citrix SSO iOS App binary.
   Note: In the MDM VPN payload, Provider bundle identifier corresponds to the "ProviderBundleIdentifier" key.
7. In the Server name or IP address text field, type the IP address or FQDN of the NetScaler associated with this XenMobile instance.
8. The remaining fields in the configuration page are optional. Configurations for these fields can be found in XenMobile documentation. The completed page should resemble the screenshot below. Click Next. You may go straight to point 13 from here if you do not need to configure VPN policy for MacOS. Proceed to the next step otherwise.

9. On the Policy detail page for MacOS, type a valid Connection Name and choose "Custom SSL" from the Connection Type dropdown control.
10. In the Custom SSL identifier (reverse DNS format) text field, type "com.citrix.netscalergateway.macos.app". This is the bundle identifier for the Citrix SSO App on Mac OS.
11. In the Server name or IP address text field, type the IP address or FQDN of the NetScaler associated with this XenMobile instance.
12. The remaining fields in the configuration page are optional. Configurations for these fields can be found in the XenMobile documentation. The completed page should resemble the screenshot below.

13. Click Next and choose a delivery group for this VPN profile. Click Save.

Per-App VPN Profiles

Per-App VPN profiles are used to set up a VPN for a specific Application. Traffic from only the specific App is tunnelled to NetScaler Gateway. The Per-App VPN payload supports all of the keys for Device-wide VPN plus a few additional keys.

Following are the steps to configure a Per-App VPN on Citrix XenMobile:

1. Follow steps 1 to 7 as mentioned in the section on configuring a Device-level VPN.
2. Turn the Enable Per-App VPN switch ON in the Per-App VPN section.
3. Turn the On-Demand Match App Enabled switch ON if Citrix SSO should be started automatically when the Match App is launched. This is recommended for most Per-App cases.
   Note: In the MDM VPN payload, this field corresponds to the key "OnDemandMatchAppEnabled".
4. Select "Packet Tunnel" in the Provider Type dropdown menu.
   Note: In the MDM VPN payload, this field corresponds to the key "ProviderType".

5. Safari Domain configuration is optional. Configuring this will start Citrix SSO automatically when users launch Safari and navigate to a URL that matches the one in the Domain field. This is not recommended if you want to restrict VPN for a specific App.
   Note: In the MDM VPN payload, this field corresponds to the key "SafariDomains".
6. The remaining fields in the configuration page are optional. Configurations for these fields can be found in XenMobile documentation. The completed page should resemble the screenshot below. Click Next. You may go straight to point 13 from here if you do not need to configure the VPN policy for Mac OS. Proceed to the next step otherwise.
7. On the Policy detail page for MacOS, type a valid Connection Name and choose "Custom SSL" from the Connection Type dropdown control.
8. In the Custom SSL identifier (reverse DNS format) text field, type "com.citrix.netscalergateway.macos.app". This is the bundle identifier for the Citrix SSO App on Mac OS.
9. In the Server name or IP address text field, type the IP address or FQDN of the NetScaler associated with this XenMobile instance.
10. Turn the Enable Per-App VPN switch ON in the Per-App VPN section.
11. Turn the On-Demand Match App Enabled switch ON if Citrix SSO should be started automatically when the Match App is launched. This is recommended for most Per-App cases.

12. Safari Domain configuration is optional. Configuring this will start Citrix SSO automatically when users launch Safari and navigate to a URL that matches the one in the Domain field. This is not recommended if you want to restrict VPN for a specific App. The completed page should resemble the screenshot below.
13. Click Next and choose a delivery group for this VPN profile. Click Save.
14. Additionally, to associate this VPN profile with a specific App on the device, you need to create an App Inventory policy and a Credentials Provider policy by following this guide: https://www.citrix.com/blogs/2016/04/19/per-app-vpn-with-xenmobile-and-citrix-vpn/
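
An added example, not part of the Citrix guide: a Python audit that checks an exported configuration profile against the payload values named in the device level and Per-App steps above. The key spellings VPNType and RemoteAddress, the payload type strings, the "packet-tunnel" value and the key nesting follow Apple's VPN payload format and are assumptions here; the sample profile and gateway.example.com are constructed.

```python
import plistlib

# Bundle identifiers quoted from the guide's steps.
IOS_APP = "com.citrix.netscalergateway.ios.app"
MACOS_APP = "com.citrix.netscalergateway.macos.app"
IOS_PROVIDER = "com.citrix.netscalergateway.ios.app.vpnplugin"
PER_APP = "com.apple.vpn.managed.applayer"  # assumed: Apple's Per-App VPN payload type

def audit_payload(p):
    """Return findings for one VPN payload dict (empty list = matches the guide)."""
    # Assumption: keys may sit at the top level or in the nested "VPN" dict.
    flat = {**p, **p.get("VPN", {})}
    out = []
    if flat.get("VPNType") != "VPN":
        out.append("VPNType must be 'VPN'")
    if flat.get("VPNSubType") not in (IOS_APP, MACOS_APP):
        out.append("VPNSubType is not a Citrix SSO bundle identifier")
    if flat.get("VPNSubType") == IOS_APP and flat.get("ProviderBundleIdentifier") != IOS_PROVIDER:
        out.append("ProviderBundleIdentifier is not the iOS Network Extension")
    if not flat.get("RemoteAddress"):
        out.append("no gateway address (RemoteAddress)")
    if p.get("PayloadType") == PER_APP:
        if flat.get("ProviderType") != "packet-tunnel":
            out.append("Per-App profile should use ProviderType packet-tunnel")
        if not flat.get("OnDemandMatchAppEnabled"):
            out.append("OnDemandMatchAppEnabled is off (guide recommends on)")
        if flat.get("SafariDomains"):
            out.append("SafariDomains set: VPN is not restricted to the matched app")
    return out

def audit_profile(data):
    """Parse .mobileconfig bytes; map each VPN payload's name to its findings."""
    profile = plistlib.loads(data)
    return {p.get("UserDefinedName", "?"): audit_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType", "").startswith("com.apple.vpn.managed")}

# Constructed sample profile; gateway.example.com is a placeholder.
SAMPLE = plistlib.dumps({"PayloadContent": [
    {"PayloadType": "com.apple.vpn.managed", "UserDefinedName": "Corp VPN",
     "VPNType": "VPN", "VPNSubType": IOS_APP,
     "VPN": {"RemoteAddress": "gateway.example.com", "ProviderBundleIdentifier": IOS_PROVIDER}},
    {"PayloadType": PER_APP, "UserDefinedName": "Mail per-app",
     "VPNType": "VPN", "VPNSubType": MACOS_APP,
     "SafariDomains": ["intranet.example.com"],
     "VPN": {"RemoteAddress": "gateway.example.com", "ProviderType": "app-proxy"}},
]})

if __name__ == "__main__":
    print(audit_profile(SAMPLE))
```
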

Known issues

The following are the known issues at this time.

- Network Access Control (NAC) with Citrix SSO and Microsoft Intune isn't supported yet. Both Microsoft and Citrix are currently working on it at the time of this writing.
- User must automatically select the certificate if only one device cert is present in the keychain.
- In case of EPA failure, logon fails if the user is placed in quarantine group.
- Forced timeout warning message is not displayed.
- SSO app allows logon if split tunnel is ON and no intranet apps are configured.

Limitations

The following are the limitations at this time.

- In case of EPA, some of the EPA scans (e.g. Patch Management scans, web browser scan, kill process) might fail because of restricted access for SSO app due to sandboxing.
- Split tunnelling based on ports/protocols isn't supported.