Managing Single Sign-on - You must manage the following configurations before end users can take advantage of the benefits of Single Sign-on:
- Application definitions
- Password policies
- Question-based authentication
- End user configurations
Application Definitions - Single Sign-on recognizes and responds to applications based on the settings identified in application definitions. Application definitions consist of sets of specific end user credential form recognition and action characteristics referred to as form definitions, and the set of configuration options that apply to all the forms in the configuration. The form definition settings define the actions that Single Sign-on performs when an application requests a specific end user credential action, while the application definition contains all the end user credential management forms associated with a single application. For predefined application definition templates, created by Citrix Consultants, Sales Engineers, and System Integrators, that can be imported into Single Sign-on, see http://citrix.thinkbuilddeploy.com/index.php
Note: The Single Sign-on Plug-in is able to detect basic end user credential fields even if there are no configured application definitions.
Password Policies - Password policies define rules that control the characteristics of end users' stored passwords. These rules can be applied to all end users or to specific groups of applications as determined by your organization’s needs.
Password policies can be configured to:
- Automate password changes for applications
- Implement security schemes
- Define password expiration for applications
- Restrict end users from reusing passwords
Question-based Authentication - Question-based authentication allows you to provide secure authentication to end users who change their primary password under specific circumstances, change their method of authentication, or have their accounts locked. The use of security questions and question-based authentication protects against access by unauthorized end users.
Note: The questions you create should be based on non-public information that would be difficult for anyone other than the authorized end users to provide.
User Configurations - User configurations allow you to control the behavior and appearance of the Single Sign-on Plug-in for end users. A user configuration is a defined collection of settings, password policies, and applications that are applied to Active Directory users.
Note: Distribution groups and Domain Local groups in Active Directory mixed mode are not supported.
Before you create user configurations, ensure that the following items have been created or defined:
- Central store
- Application definitions
- Password policies
- Security questions
For more information about Single Sign-on, see Citrix eDocs at eDocs.citrix.com