Configure authentication
Manage authentication methods
For each store you can choose one or more authentication methods that are available when logging in to the store through Citrix Workspace app.
- Select the Store node in the left pane of the Citrix StoreFront management console and, in the Actions pane, click Manage Authentication Methods.
- Specify the access methods that you want to enable for your users.
- Select the Username and password check box to enable explicit active directory username and password authentication. For more information, see User name and password authentication.
- Select the SAML Authentication check box to enable integration with a SAML Identity Provider. For more information, see SAML authentication.
- Select Domain pass-through to enable pass-through of Active Directory domain credentials from users’ devices. For more information, see Domain pass-through authentication.
- Select Smart card to enable smart card authentication. For more information, see Smart card authentication.
- Select HTTP Basic to enable HTTP Basic authentication. Users authenticate with the StoreFront server’s IIS web server.
- Select Pass-through from Citrix Gateway to enable pass-through authentication from Citrix Gateway. Enable this if users connect to StoreFront through a Citrix Gateway with authentication enabled. For more information, see Pass-through from Citrix Gateway.
Modifying the authentication methods for a store also updates the authentication methods used when accessing the store through a web browser. To change authentication methods when logging on through a web browser see Authentication Methods.
Manage authentication methods using PowerShell SDK
To configure authentication using the PowerShell SDK:
-
Call Get-STFAuthenticationService to get the authentication service for a store or a virtual directory and to view its current configuration.
-
On the authentication service, enable or disable the required authentication protocols. To get a list of available protocols, run Get-STFAuthenticationServiceProtocol. To enable the protocols, run Enable-STFAuthenticationServiceProtocol with a list of protocols to enable. To disable the protocols, run Disable-STFAuthenticationServiceProtocol with the list of protocols to disable.
-
Configure the authentication protocols you have enabled. For details, see the documentation for each protocol.
Shared authentication service settings
Use the Shared Authentication Service Settings task to specify stores that share the authentication service enabling single sign-on between them.
- Select the Stores node in the left pane of the Citrix StoreFront management console and, in the results pane, select a store. In the Actions pane, click Manage Authentication Methods.
- From the Advanced drop-down menu, select Shared authentication service settings.
- Click the Use shared authentication service check box and select a store from the Store name drop-down menu.
Note:
There is no functional difference between a shared and dedicated authentication service. An authentication service shared by more than two stores is treated as a shared authentication service and any configuration changes affect the access to all the stores using the shared authentication service.