Federated Authentication Service

System requirements

March 24, 2025

Contributed by:

Federated Authentication Service (FAS) is supported on the following Windows Server versions:
- Windows Server 2025, Standard, and Datacenter Editions
- Windows Server 2022, Standard, and Datacenter Editions
- Windows Server 2019, Standard and Datacenter Editions, and with the Server Core option
- Windows Server 2016, Standard and Datacenter Editions, and with the Server Core option
Citrix recommends installing FAS on a server that does not have any other Citrix components.
The Windows Server must be secured since it has access to a registration authority certificate and a private key. The certificate and private key allow the server to issue certificates for domain users. The server also has access to the issued domain user certificates and private keys.
The FAS PowerShell cmdlets require Windows PowerShell 64-bit installed on the FAS server.
A Microsoft Enterprise Certificate Authority or other validated Certificate Authority (CA) is required to issue user certificates. The following non-Microsoft PKI providers have validated their solutions for use with FAS. For support with these validations reach out to the vendor:
- Keyfactor Command
- Sectigo Certificate Manager
- Venafi Zero-Touch PKI
- HDI PKIaaS (Venafi)
- Entrust WNES
- AppViewX
- Evertrust Horizon CLM
- Opentrust PKI
- IDnomic PKI-3
- DigiCert Autoenrollment Server
For support and guidance to use FAS with non-Microsoft CA, you can reach out to the relevant PKI provider.
For certificate authorities other than Microsoft, ensure the following:
- The certificate authority (CA) is registered in the Active Directory as an enrollment service.
- The CA certificate is in the NTAuth store on the Domain Controller. For more information, see How to import third-party certificate authority (CA) certificates into the Enterprise NTAuth store.
For more information, see Deployment Guide: Citrix Federated Authentication Service and Sectigo MS Agent.

In the Citrix Virtual Apps or Citrix Virtual Desktops Site:

Delivery Controllers, Virtual Delivery Agents (VDAs), and StoreFront servers must all be supported versions.

When planning your deployment of this service, review the Security considerations section.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

System requirements

March 24, 2025

Contributed by:

System requirements

In this article