Configure StoreFront

If Secure Private Access is co-hosted with StoreFront, then the Secure Private Access configuration on StoreFront is done automatically by the first time setup wizard.

However, if Secure Private Access is not co-hosted with StoreFront, then certain configuration changes have to be done manually.

Perform the following steps to configure StoreFront manually.

  1. Download the script from the Secure Private Access admin console (Settings > Integrations).
  2. Click Download Script corresponding to the StoreFront entry for which the configuration changes have to be done.

    The downloaded zip file contains a configuration script, a README file, and a configuration cleanup script. The cleanup script can be used in case integration between StoreFront and Secure Private Access is to be removed.

  3. Run the script as an admin on a PowerShell 64-bit instance by using the command ./ConfigureStorefront.ps1.

    • No other parameters are required.
    • The PowerShell script execution policy must be set to Unrestricted or Bypass to run the StoreFront script.
    • The script also propagates the configuration to other StoreFront servers if StoreFront is configured as a cluster.

Once StoreFront is configured with the Secure Private Access settings, the Secure Private Access plug-in configuration can be seen in the StoreFront admin UI (Manage Delivery Controllers screen).

The StoreFront script automatically configures the aggregation group setting for Secure Private Access if the same is configured for the Citrix Virtual Apps and Desktops delivery controller. By default, the script configures Secure Private Access for everyone (User Mapping and Multi-Site Aggregation Configuration > Configured).

Important:

  • It is recommended to use the StoreFront script downloaded from the Secure Private Access admin UI to configure StoreFront for Secure Private Access only. Do not configure Secure Private Access from the StoreFront admin UI as the UI does not cover all the required configuration on StoreFront. The script must be run to complete all the necessary configurations.

  • One Secure Private Access site can be configured on multiple StoreFront deployments (either on another store on the same StoreFront or a different StoreFront deployment) as well. StoreFront can be added from the Settings > Integrations page.
  • The StoreFront auto configuration doesn’t work from Settings > Integration page even if Secure Private Access is co-hosted with StoreFront. Autoconfiguration is done only during the first-time setup. If a new store configuration is added from the Settings page, the StoreFront script must be downloaded and run on the corresponding StoreFront machine.

When using StoreFront version 2308 or earlier

If you are using StoreFront version 2308 or earlier, the StoreFront admin UI has the following known issues:

  • The Secure Private Access plug-in type is shown as XenMobile.
  • The Secure Private Access server URL is not displayed.
  • The Secure Private Access port is always shown as 80.

2308 and earlier

When using StoreFront version 2311 or later

In StoreFront version 2311 and later, the Citrix Workspace for Web client doesn’t enumerate the Secure Private Access apps. This is because Secure Private Access doesn’t support the Secure Private Access app launch in the Workspace for Web platform.

Configure StoreFront