
Citrix Receiver and StoreFront with Single Sign On
In this document we will enable Single Sign On (SSO) in the Citrix client so that the credentials you are already logged on to your computer with are passed through and you do not have to enter them twice. We will also enable it for the web part, so that users who access it directly with the browser get the same behavior.
The first thing will be to install Citrix Receiver on our client machines. If we want the SSO feature installed, we will pass the parameter '/includeSSON', and if we also want the integrated app icons to be created in the clients' Start Menu, we will add the parameter 'UseCategoryAsStartMenuPath="True"'. Ideal for deployment by GPO, isn't it?
Optionally, we can create a GPO to tell the clients which URL to use to connect to our Citrix environment. We will import the template 'icaclient.adm', which we will find on any client with Receiver installed in '%ProgramFiles%\Citrix\ICA Client\Configuration', and add the StoreFront account, in the correct format, under "Administrative templates" > "Citrix Components" > "Citrix Receiver" > "Storefront" > "StoreFront Accounts Lists".
We will create a GPO, or use the same one, and enable the settings that turn on SSO on the clients. The first thing will be to add our Citrix site URL to the Local Intranet sites, and the second will be to enable "Enable Pass-through authentication" and "Allow pass-through authentication for all ICA connections" in "Administrative templates" > "Citrix Components" > "Citrix Receiver" > "User authentication" > "Local user name and password".
From the Citrix StoreFront console, add the Domain Pass-Through authentication method.
From a PowerShell session on a Controller, we load the Citrix cmdlets with 'asnp Citrix*' and enable XML trust on the site by running 'Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true'.
Next, we verify that the GPOs have been applied correctly on the PCs and that the SSON module is loaded: we will be able to see whether the process 'ssonsvr.exe' is running.
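One way to script the checks from this step, as an added example that is not part of the original article. It assumes the store URL was put in the Local Intranet zone through the "Site to Zone Assignment List" policy, and 'storefront.example.local' is a placeholder host name.

```powershell
# Added example (not from the original article): checks for the pass-through setup.
# Assumption: the store URL was assigned to the Local Intranet zone with the
# "Site to Zone Assignment List" policy. The host name below is a placeholder.
param([string]$StoreHost = 'storefront.example.local')

function Test-SsonProcess {
    # ssonsvr.exe runs on the client when Receiver was installed with /includeSSON
    [bool](Get-Process -Name 'ssonsvr' -ErrorAction SilentlyContinue)
}

function Get-ZoneAssignment {
    param([string]$HostName)
    # The policy stores one value per site: name = site, data = zone number (1 = Local intranet)
    $keys = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
            'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
    foreach ($path in $keys) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            if ($name -like "*$HostName*") {
                [pscustomobject]@{ Hive = $path.Substring(0, 4); Site = $name; Zone = $key.GetValue($name) }
            }
        }
    }
}

function Get-XmlTrust {
    # Only meaningful on a Delivery Controller where the Citrix snap-ins are installed
    Add-PSSnapin Citrix* -ErrorAction SilentlyContinue
    if (Get-Command Get-BrokerSite -ErrorAction SilentlyContinue) {
        (Get-BrokerSite).TrustRequestsSentToTheXmlServicePort
    } else { 'n/a (not a Controller)' }
}

$zones = @(Get-ZoneAssignment -HostName $StoreHost)
[pscustomobject]@{
    SsonProcessRunning = Test-SsonProcess
    IntranetZoneSet    = [bool]($zones | Where-Object { $_.Zone -eq 1 })
    ZoneEntries        = ($zones | ForEach-Object { "$($_.Hive) $($_.Site)=$($_.Zone)" }) -join '; '
    XmlTrustEnabled    = Get-XmlTrust
} | Format-List
```

Run it on a client after the policies have refreshed; on a Controller the last field also reports the XML trust setting. Because XML trust makes the Controller accept the identity that StoreFront asserts, access to the XML service port should be limited to the StoreFront servers.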
And that's it! All that remains is to open Citrix Receiver: we will see that it connects automatically to the Store we configured in the GPO, validates with our Windows credentials, and integrates the apps into our desktop thanks to Domain Pass-Through!
If we also want to enable SSO in the web part, we will do it from the StoreFront console: simply add the authentication method in Web Receiver.
We validate it by opening a browser: we will go straight to our apps or desktops without being asked to enter credentials!
If we want to enable SSO on our legacy PNA sites as well, we'll run from PowerShell '"installation path\Scripts\EnablePnaForStore.ps1" -SiteId ID_DEL_SITIO -ResourcesVirtualPath /PATH_AL_STORE -LogonMethod sson', replacing ID_DEL_SITIO with the site ID and /PATH_AL_STORE with the path to the store.