Interesting EUC items from last week:
Citrix Workspace app
- Download Citrix Workspace app 2006.1 for Windows
- Workspace for Web Not Detecting Citrix Workspace App for Windows 2006 Client – fixed in 2006.1 – Knowledgebase article
Citrix Gateway
- Integrating Okta with Citrix NetScaler Gateway without Citrix Federated Authentication Service – Alchemist Pascal P.
- HowTo: Okta SAML at Citrix Gateway with SSO Without FAS – Michael Shuster
- HowTo: Azure MFA SAML and Citrix Gateway with SSO Without FAS – Michael Shuster
VMware
- VMware OS Optimization Tool updated June 2 – easier to re-enable Windows Update on a Windows image that has previously been optimized and had this disabled.
- Interoperability of VMware Carbon Black and Horizon – VMware Knowledgebase article
For more immediate updates, follow me at http://twitter.com/cstalhood.
For a list of updates at carlstalhood.com, see the Detailed Change Log.
Can Okta be used for CAC authentication with Citrix Gateway?
You mean SAML to Okta? Certainly. You still need local AD accounts for each smart card. When connecting to the VDA, the VDA can use the smart card, or you can use FAS to automate the sign-on.
Not 100% sure to be honest i can’t seem to find much if any documentation on this. So is the CAC/PIV card used just at the VDA for the Windows portion or can it be used at the front end to authenticate Gateway Access via OKTA? Also was wondering how it would integrate with SSO to Storefront without setting up traditional callback and authentication policies on the storefront servers.
Normally you do CAC directly to Gateway and/or StoreFront. With Okta, I’m guessing you’d do SAML to Okta and let Okta handle the smart cards. In any of these cases, due to lack of password, you configure StoreFront to delegate authentication to Gateway and configure the callback.