Clicking on add button will display a list of USB Devices enabled, we can select the device we want to use in session. Post Selection, these devices will be available in the session for use and when we click on devices button we can view the list, add more and release already added devices. Citrix Tested USB Devices With Receiver For Chrome.
If you're using Citrix XenApp, it can be useful to provide Chrome to your users for several reasons: Testing of new or older Chrome versions, add-ons, security settings and other variables Access.
Citrix Workspace app for Chrome The new Citrix Workspace app (formerly known as Citrix Receiver) provides a great user experience — a secure, contextual, and unified workspace — on any device.
Citrix WebHelper for Google chrome can work as invoked mode or Non-invoked mode to access XenApp/XenDesktop resource. The article describes configuration steps for Citrix WebHelper invoked mode. It is essential to have access to back-end application via NetScaler Gateway when Receiver Client Selective Trust (CST) feature is enabled.
NOTE: If Citrix Receiver is already installed on your computer, click on Already Installed to continue to the login screen. External/Remote Chrome users may also use the HTML5 based Light Version (links shown in the above screenshots). This will launch your desktop inside the Chrome browser.
Installing XenDesktop
Install XenDesktop 7.9 and configure Federated Authentication Service. Refer Citrix Documentation - Federated Authentication Service for more details.
Configuring Active Directory Federation Services (AD FS) and Google Admin Console
Install and configure Active Directory Federation Service (AD FS) from server manager roles on any Windows 2K8 R2 or Windows 2K12 R2 server. Ensure that, AD FS and AD are not on the same machine.
Configure AD FS URL in Google Admin console for Single Sign-on as follows:
Enable Single Sign-on in Google Apps. Log in to your administration console at http://www.google.com/a/your-domain/. Click Security->Set up Single Sign-on (SSO)
This will take you through to a configuration screen. Select Enable Single Sign-on, and enter the following values: Sign-in page URL: https://adfs.yourdomain.com/adfs/ls/ Sign-out page URL: https://adfs.yourdomain.com/adfs/ls/ Change password URL: https://sts.yourdomain.com/startersts/users/password.aspx
Verification certificate: Upload the AD FS Token Signing cert (.cer file) which can be obtained from the AD FS 2.0 Management Console (under Service > Certificates). Click Upload.
Select “Use a domain specific issuer”.
Enter network addresses in the Network masks textbox.
Single sign-on is configured and enabled. Note that the settings take effect immediately. However, it does not affect your login to the Admin Console – that is always accessed by manual login, so that you can get and disable Single Sign-on again.
Configure SAML Single Sign-on policies on Google Admin Console, refer https://support.google.com/chrome/a/answer/6060880 for more details.
Configuring AD FS • Open the AD FS 2.0 Management Console and navigate to Relying Parties section.
Click Add Relying Party Trust
Choose Enter data about the relying party manually
Provide a name for the trust (so that you can easily identify it)
Select AD FS 2.0 profile
Select Enable support for the SAML 2.0 WebSSO protocol and enter /acs'>https://www.google.com/a//acs in the Relying party SAML 2.0 SSO service URL textbox.
Enter google.com/a/<your-domains the Relying party identifier
Complete the wizard steps
Click on the newly added item and select Properties. Click on the Signature tab and Click Add:
Add the Token Signing Certificate – it must the AD FS Token Signing Certificate you uploaded to the Google Admin Console AD FS.
Click OK.
Click Edit Claim Rules and click Add Rule:
From the Claim rule drop-down, select Transform an Incoming Claim.
Provide a Name to the rule, select E-Mail Address as the Incoming Claim Type, set the Outgoing claim type to Name ID and the Outgoing name ID format to Email:
Complete the Wizard steps.
Go to your Active Directory. Go to properties of user for whom you want to enable Single sign on and then add the google domain email address of that user in Email field.
Go to your Active Directory. Go to properties of user for whom you want to enable Single sign on and then add the google domain email address of that user in Email field.
Citrix Google Chrome
Configuring Citrix NetScaler
Configure NetScaler SAML to work with AD FS. Before this make sure, XenDesktop works with NetScaler without SSON or FAS configuration.. Refer, http://support.citrix.com/article/CTX133919 to configure NetScaler SAML with AD FS
On successful completion of all the above steps, you are redirected to AD FS page on entering the SF URL
Configuring Single Sign-on on Chromebook
Chromebook should be a managed Chromebook
Install and configure SAML SSO for Chrome app extension on Chrome devices. Refer to the Google website for more information. This extension retrieves SAML cookies from browser and provides to Citrix Receiver. This extension needs to be configured with the following policy to allow Receiver to get SAML cookies: { 'whitelist' : { 'Value' : [ { 'appId' : 'haiffjcadagjlijoggckpgfnoeiflnem', 'domain' : 'saml.yourcompany.com' } ] } }
If you are repackaging Citrix Receiver for Chrome, change the appId. In addition, change the domain to your company's SAML IdP domain.
Configure Receiver to user NetScaler Gateway configured for SAML logon. This enables users to use the NetScaler Gateway configured for SAML logon.
Login to Chromebook using managed user which will redirect you to AD FS page for the first time. user has to enter the password twice for the first time.
After successful login, you can access the XenDesktop resources without having to re-enter the credentials. providing any credentials.
Citrix Add On Chrome Download
Go through following demo on, how the user experience looks like, https://www.youtube.com/watch?v=Zv6tCSaCnIU.