System requirements

  • Federated Authentication Service (FAS) is supported on the following Windows Server versions:
    • Windows Server 2025, Standard, and Datacenter Editions
    • Windows Server 2022, Standard, and Datacenter Editions
    • Windows Server 2019, Standard and Datacenter Editions, and with the Server Core option
    • Windows Server 2016, Standard and Datacenter Editions, and with the Server Core option
  • Citrix recommends installing FAS on a server that does not have any other Citrix components.
  • The Windows Server must be secured since it has access to a registration authority certificate and a private key. The certificate and private key allow the server to issue certificates for domain users. The server also has access to the issued domain user certificates and private keys.
  • The FAS PowerShell cmdlets require Windows PowerShell 64-bit installed on the FAS server.
  • A Microsoft Enterprise Certificate Authority or other validated Certificate Authority (CA) is required to issue user certificates. The following non-Microsoft CAs have been validated for use with FAS:

    • Keyfactor Command
    • Sectigo Certificate Manager
    • Venafi Zero-Touch PKI
    • HDI PKIaaS (Venafi)
    • Entrust
    • AppViewX
    • Evertrust Horizon CLM
    • Opentrust PKI
    • IDnomic PKI-3
  • For support and guidance to use FAS with non-Microsoft CA, you can reach out to the relevant PKI provider.
  • For certificate authorities other than Microsoft, ensure the following:

  • For more information, see Deployment Guide: Citrix Federated Authentication Service and Sectigo MS Agent.

In the Citrix Virtual Apps or Citrix Virtual Desktops Site:

  • Delivery Controllers, Virtual Delivery Agents (VDAs), and StoreFront servers must all be supported versions.
  • Apply the Federated Authentication Service Group Policy configuration to the VDAs before creating the machine catalog. For more information, see the Configure Group Policy section for details.

When planning your deployment of this service, review the Security considerations section.

System requirements