Duration 45:40
16+
Play
Video

Citrix Synergy TV - SYN206 - Citrix Endpoint Management: deep dive on SSO

Ashish Gujarathi
Distinguished Engineer, XenMobile Cloud at Citrix
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 22 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Video
Citrix Synergy TV - SYN206 - Citrix Endpoint Management: deep dive on SSO
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
1.88 K
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speakers

  • Ashish Gujarathi
    Distinguished Engineer, XenMobile Cloud at Citrix
  • Milind Mohile
    Head of Products, Workspace Security (CEM, Access Control and Gateway) at Citrix

About the talk

Topic: IT

This session is a technical deep dive into the SSO capabilities of Citrix Endpoint Management. As more and more enterprises invest in mobile technology to support business-critical processes, the end user experience is paramount to success. Citrix Endpoint Management not only provides a high level of security, but also delivers a great user experience and easy access to mobile, web, virtual, and SaaS applications. Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.

Share

Thank you for coming welcome is good to see so many Star Wars fans in here. Hope I'm not insulting anyone of that one. So this station is about and 00:04 we are also charging a bid on things. Like how does be in pain Management Solutions to pull the work space and how do we can figure 00:14 it out? We deployed how do we make this a great user experience when you are a first-time user on the workspace app Pitney depending on which platform 00:24 Iran? So as you probably can see hear my name is mold an hour and I work at the Domain specialist. So I work in the field and my colleague a job 00:33

rocker the systems engineer also working in the fields. So some of the stuff in here is not only from the documentation side, but also from 00:42 what we picked up during the years working with these types of Technologies, so they're going to have your time. So just a quick 00:52 overview like we're going to go over we've got some almost live there knows we were supposed to do like but 01:02 yeah things change. So today we're going to do what we think is crucial to the experience that you 01:12

meet when you join a workplace solution. So basically that's what we are going to demonstrate and of course we've chosen 01:21 some of the really tricky ones third-party application, which is always been a challenge for both more than me when we run into you guys in the field. 01:30 So that's that's where we we put our money in this MO. So to who to lead off? 01:39 One of the things that we see a lot when going to the feelies, everybody is aware of this going on this destruction in our normal business 01:51

lot of changes happening. We meet a lot of people say they are on the way away from Citrix, but what they actually meeting 01:59 is that they're moving into SAS app web apps are moving away from 30 32-bit application. I need virtualization. So what you saying, we're 02:09 moving more more way from which relaxation then the funny thing is we run into customers. Well, we want to secure the way we 02:19 access these web apps. So we need a secure browser and one of the offerings the teacher sexually has isn't secure browser and we're able to virtualize 02:28

any kind of broth experience and then we really wanted that because that's what I want a big big issues within the company's so they 02:37 received people Shifting the virtualization two different. Scenarios and we also see a picture into web app and Sassafras 02:47 and the thing that people forget some time is that web apps and SAS up equally complex in the way. They need to be 02:57 handled especially around SSO. And the citric has had to learn that recently that we need to enforce a single sign-on 03:07

architecture throughout the services that we are. So one of the demos today slack slack is a huge tool it started out 03:16 as this Shadow it solution for engineers to chatting and we have this whole world without boys are strong 03:26 disagreement how the communication within Citrix actually are we using go to meetings that we using Skype are we using different communication and 03:35 a probably a lot of can say yeah, we've been through that been slack showed up and now slack is becoming one of the preferred ways of finding 03:45

information within Citrix. If you can find it if you can find the right channel to the right person and it's grown into being the de facto 03:54 standard on how you communicate with our engineering team. And I was that was a good example of a technology that was brought in and 04:04 it had it at its own life. And now it's part of a single sign-on infrastructure. A lot of things they also changing is the way we perceive 04:14 networking. So one of the big changes hitting us in a couple of years that you guys have to take a stand on a position on it's 04:24

break time will 5G. I was recently in Barcelona and 5G is going to hit us like we haven't seen yet. It's going to be a tsunami of services 04:34 and I all of a sudden not going to be available that mean that it's 04:43 becoming more complex social that soon direct contradiction to what many perceive which is let's 04:51 move to the cloud and we don't have to worry about networking in the same sense as we do in our internal infrastructure. Right. No, It's going to be 05:01 it's going to be like nothing we've seen yet and the amount of data you hurt David talk about we are moving into the Utah 05:10

and I completely agree with that people are users 05:19 if you can call use of people. Go on. 05:28 They are one of the things that David pointed out is the people of comparing the service. They're getting from from consumer services and 05:38 of cost for a lot of airlines a lot of banks vit front is becoming the battlefield for customers how easy it is to use 05:48 and they're pouring a lot of money into that good multi-factor authentication. They know that they need to secure it. So if for example I 05:58

use Amazon for many years and now all the sudden I have to give my phone number so they can they can send me a ping if I do something that are out of 06:08 the ordinary if I order of fights that bull Healthy food or Diet food then they know it's a deviation of my normal shopping pattern. 06:16 So so what you're saying is that you're out of your normal behavior. Yes, 06:26 and of course they compare that service to the service that you guys deliver within the company and they say it will look look at the 06:35

experience I get here and look at experience and its really really tough competing with somebody was pouring million and say to that primary 06:45 Battlefront zactly. So we we are again seeing the consumer consumer isolation driving the demands within the company and demanding 06:52 juices are coming because it's David also say work sucks, especially in our area Mi Pueblo high level 07:02 IT staff is becoming increasingly hard to adopt and so we were going to have compared. situation about 07:12

the right fuses at the core of what we do and this is really one of the crucial slide procedures. 07:22 We we have three things that we build into everything. We do we build the first time for analytics products. You've seen 07:31 security analytics. Now, we came with performance analytics and soon we will have this productivity and a latex coming up and it's like the cold 07:41 everything we do is that the core what we do with the work with very focused on the experience that uses 1/2 and in order to support 07:49

that infrastructure. It's incredible important that single sign-on has become something about identity but becomes something 07:59 about what happens before the single sign-on after it's a part of this ecosystem that we actually delivering. So just give you an example of one of 08:09 the demos that more than I like to do later that we couldn't do what we have a video showing the unfolding part of it is that 08:17 we want a consumer to be Well, we want the juice or to be able to take a brand new device any device out of a box. Gets delivered 08:26

directly to the person take it out hook it up put his email address in and everything that he needs within the company gets installed in the device. 08:36 The device are the become so managed to buy some non man is the whole identity gets pushed onto the bison and that's what we're working on with these 08:45 three the productivity the performance and the security at at the heart of everything we do and one of the main reason for doing so is that we want to 08:54 drive adoption of technologies that could be more productive. If we do not offer a solution that makes it easy to get their uses will find other ways 09:03

to do the job. And one of the things I had a chance to talk to a customer who actually bought 4000 raspberry pies come in Computing 09:12 and that seems to be a gap between what he's able he's able to unbolt them and deliver the right experience on this device has 09:22 something that will really really aware of multi screen. There is a multi-screen function when he's 09:32 running set up virtual apps. Be aware of all the name changes, right? Yeah, 09:41 so he wasn't able to do that. He wasn't able to deploy the right profile since so on and we believe that that's somewhere that we need to be. So 09:50

we had a talk with this customer and more news is on in like a leech. So one of the things that why do you need us or so so I think it's 10:00 really becoming an issue and if you heard David the way that people work you might work 3 days at one company in two days, Do you really want that 10:10 inside your your identity infrastructure? Another thing is the way the companies communicate with custom means that you need to have their 10:19 identity also and take care of it. Especially New York Yoruba, when we have this gdpr thing and you really need to protect those information to 10:28

all of sudden you might be accompanied with a thousand employees you have maybe twenty thousand customers. So where do you need to have their 10:38 identity? And how do you protect it? And how do you do all this analytics stuff? So that's especially in a market with the arms and legs for the 10:46 night. He's becoming fewer. So you need to order make automation that we talked about and single sign-on automation with Anna and it is crucial to be 10:54 delivering this Spirits that that we want to deliver and also especially in Citrix. We just had an experience. 11:04

Let's call it that where we got a chance to renew our password and used more complex password. So 11:14 in order to support the IT department when when you are adopting these new services and making sure that you have the right person it would have 11:23 helped to have single sign-on across our entire platform. And that's one of the benefits that I see what single sign-on more efficient 11:33 A lot of times is it that easy. It's not 11:45 really nice to be recognized. This one. 11:50

Was that easy? Hopefully we can change that in the future don't 11:58 think so have the same now clearly. We're 12:08 from the field. We're not from product management or anything. 12:18 Yeah. It is. That was not the intention I guess. We don't 12:32 try meme. I just want the journey for us as well. But the whip combining so many Technologies from an on-premise suspected and and and we're building 12:42 out our identity and why would doing so is because we want to make it easier. Of course. This is going to build out in the future 12:50

and look at any obstacles for a nooses to on ball to that solution easily. 13:00 Exactly hire someone that can read them. Would that be the solution? 13:10 Documentation was just to say sometimes we make 13:20 services available. That would make your life easier. But I also running to companies where they say. Well we don't have the time to implement this so 13:30 they take an easy solution which fits the lowest bar. So I made a lot of Secret customer service Morton where they selected the lowest denominator 13:39

with in single sign-on instead of actually getting the experience to the use of that our technology jobs. So really think about we will show them all 13:48 be able to get more technical it later in a few minutes. We will show some of the things that I'm going to steps that you can ask you to do to get 13:58 this experience to do you say and to give you just an idea Citrix. We just throw a laptop at you when you start in the company and then you get a 14:07 token and good luck with that and you have a URL And then you get a vdi dashboard and then everything should be there. So that's how we do 14:16

it. It's it's not on nice process, but it's it's getting there. So really not just take off enable 14:26 single sign-on think about single sign-on process, especially when you when you start to adopt. I hope the micro apps that we have. Let me watch 14:36 stopped to have integration two different Services the way you also need to identify you in the right way to get the the micro micro apps working 14:45 properly. Within Citrix, we have multiple ways of doing single sign-on and this is growing. 14:53

A lot of the things that we would hire that we would show all talk about today's the website ASAP. And then the MDX we actually have an 15:03 s2k. Will they know which would help a lot of people used it and the documentation was a little better and 15:13 then of course, it's also a possibility to do single sign-on. We are 15:22 focused on the Empire today and how we can support the work space. So that's where we we put out at 4 because they didn't want to give us two hours 15:32

for the position. So another friend and I love this new guy that wrote usually got nurses in 10 Years. Everybody will 15:41 be here. Now. They only giving us three years before apparently identity will move into to a cloud service. So my point here being some 15:51 of the trends we're seeing the acceleration is crazy five, Jesus three or four years out in the future. It will end tables so 16:01 much data to come into your data center. You will have access to so many services and you will need to have a Federated a 16:11

displaced identity platform that can talk to the services. I mean it is simply staggering what 16:21 kind of data load we will change the future people are starting to talk about it other than will disappear in Van will be everywhere and your user 16:31 will be on a van every other all the time. How can you compete with a 5G connection with 1 gigabit connection 16:39 and in our office? We have 25 make something a good day. But maybe this also shows some of the difficulties some 16:48

customers face. When when you're in the hybrid environment deciding to adopt different types of pasta ever since you might have hosted Services. You 16:58 have your own services in your infrastructure. How do you consolidate the way that uses access to Services issues like that in the field? 17:05 Okay. Thank you very much. One person only one. How do we 17:15 make sure that your identity platform is configured correctly have access and can provide access to the different Services independently off where 17:25

those Services reside. In the old days, it was like building the high-speed rail road. So if you need to be a 17:35 hundred me up in 10 km, you start 10 kilometres before I just saying a lot of the technologies that is going to hit us. It's going to hit us within 17:44 the next three to four years and the way you can secure your identity is to have a density service according to Garden in place, 17:53 especially around your your customer contacts in your apartment complex. Morton. Was that my. Now 18:03

we will try to at least so and I was told 18:13 to stand still instead of walking around the Habit that I have tried to do that. Let me know if I'm moving too much but actually the 18:23 thing about ITP and identity. This is one of the vital areas that you need to look at in order to provide a good user experience and 18:33 enable capabilities as single sign-on. So this is things you need to have in place and you can see up here. What would 18:42 a solution is to make sure that we can configure the endpoints we can deliver certificates configurations and applications provide 18:51

configuration that enables VPN connections or sassa Connections in someone so it's not only about single sign-on and it's just making sure you have 19:01 the foundation's on the platforms that you used to working to enable least kind of services. And then of course. When we have all these 19:10 ease-of-access two different kind of services. We also need to have things like conditional access in place to make sure that we can cut off those 19:20 connections. If something arises that I'm not in the normal behavior that we're getting and just signed an agreement with Microsoft to do conditional 19:28

access integration with EMS on IOS and Android. This is a huge thing. We have our secure mail application. Oh by the way, how many and here are using 19:37 secure mail? Oh, I love to see so many hands. That's amazing. But one thing that we're doing as well is that we're making secure mail hasn't approved 19:47 application on the list of applications in Ems for conditional access was price of this was only consisting of Microsoft application against showing 19:56 the partnership that we provide you with. But let's have a look at how we are configuring 20:05

the endpoint. So when a device connects in it, will it could be a BYOD. It could be a fully managed to buy scenario. But we able to do 20:15 is that we connect through the workspace, but it can be intercepted and then enrolled into the in pain management solution and the endpoint management 20:25 a profile to that device to that works face application that tells it so this is the country graichen you need to 20:34 use that can be all you can for Eurasian Graphics, but also things like certificates in Wi-Fi configurations. This is all about making sure that the 20:44

end uses onboarding experience first time use is as best as possible. They need to do a Hopefully in the future just about nothing other 20:53 than opening the application entering their credential set and then they have access to everything. So that's the goal. We're moving tools. 21:03 That means that we can support this type of access on basically any device that you're working on so I can have an iOS device. I can have a Macbook or 21:13 I can have a virtual ice machine independently of loose box one will be able to deliver the workplace application provide the foundation to do things 21:23

like single sign-on, but it's an important step in order to provide. If we move it further 21:30 once we also want to provide this week in leverage the bulk enrollment Technologies from the different Hardware vendors. 21:40 But that's not all that's not in north in order to provide that really great user experience. So giving them type of out-of-the-box experience by 21:51 them opening their device automatically rolling through Apple device enrollment program as an example, but we then on top of that enables 22:00

administrators to easily configure the workspace experience on top of that. That that enables the end-user to basically open that 22:10 device get things installed and configured and then connect to the services they want to work with. So using the the bargain romantic Aldi's. 22:20 Connecting to the endpoint management solution deploying the profiles and then you have the access will that social action desktop files internally on 22:30 a cloud service SAS application the internal web applications all Consolidated through the workplace experience. 22:40

So if we look up how we're doing that well. One big item in this this setup is the Citrix cloud 22:50 and Citrix Cloud identity platform. That's why we easily can connect to things like your on-premise Solutions or SAS applications. 23:00 We've got the plus hundred different templates to configure single sign-on. Not only use for 23:09 a Windows machine or a virtual machine access to that starts. It's a service but it can be for iOS devices for Android devices. So covering basically 23:19

all the different platforms that you're in uses of using on a daily basis. Going into the 23:28 third party clouds, even if you're using a browser using a native mobile application, but it's all about how we can figure that 23:38 device to start with. So we make sure that the right technology sign place the right connections on Face the right application to unfold so that the 23:47 end you so you can stop working just all the bat. So now this is an almost live demo you ready for that. It might fail 23:56

I guess you're so let me just you need to switch when you're ready. So this is the demo where we going to take a Windows 24:07 10. We going to do the enrollment of work space based on a email identity. And we going to probation. The only thing we don't have 24:17 is where we don't have enable the autopilot at all these things where it's an out-of-box experience. That's where you added and there's no Brandon 24:26 Morton forget and forgot to mention one important things by the the certificates and the control the device instead of just pushing the workplace out 24:35

now that we begin to support local applications for the workspace. It becomes increasingly important that you cannot dedicate those local 24:45 applications with single sign-on and you can only do that if you have this layer underneath doing the the whole identity. 24:54 So what we doing here is that not now that we start to bring in more and more capabilities for for the workspace app. We also need that 25:05 Foundation to not only provide connectivity services and the VPN and then 25:15

we're we're delivering native applications. We might also want to deploy policies that controls how the 25:22 data flows from those applications. So by leveraging things like Windows information protection policies, we can make sure that the Enterprise 25:32 application deploy to your devices only can interact with other applications. That's a part of the Enterprise Suite Give me going in and looking at 25:42 the in pain management solution. Just making sure that this is not enrolled with the device that was enrolled on this user was another device. It'll 25:51

be after you will see two devices. So just opening up the Citrix workspace. How do I add an account add in your email address? So 25:59 what happens now is that the workspace knows that you need to enroll 26:08 into an appointment? So it will automatically kick off that process and guy who used to through that process. That means that now we can deploy the 26:18 configurations for the workspace app. We can deploy policies for the platform itself. We can deploy applications and the user can get productive 26:26

a lot faster than you would otherwise do. quit yesterday. Thank you real. 26:36 Okay, so we'll just be enrolling the device into the in pain management solution. That will provide us with the ability to in this case showing off 26:46 that we can basically configure and enroll through the workspace application install the native applications as well as 26:55 provide access to Virtual apps and desktops staff application internal web applications. So that would pretty much cover what most use this one's 27:04

access to and if this is an onboarding experience you open up your new laptop and this is all you need to do to get started to get access all to all 27:14 you Enterprise services. So now we there This is an example of what we can do from a configuration perspective. So freaking speaker that 27:24 the native Lee installed application also shows up and you start menu not only installing at location providing the access but also configuring the 27:34 device. So you'd have that access from the start menu from workplace application providing that ease of access to all the different types of 27:44

Enterprise services that you that you need to work with. Let's go in and see you in the settings and see how that enrollment went. 27:53 Go to the account setting and I'm thinking I'm taking your clicking on your clicking you high. I know that should be a bit faster. So now we connect 28:03 you to our and Pain Management solution. Now we have that hook into that pot form so we can provide the end-user with what they need for my my 28:12 application to fix it from a configuration and policy perspective we have now that pot from completely out of control. How do you say can go in and 28:21

see what we actually controlling? So, let's hop back to be in pain management solution see that that device is enrolled 28:31 correctly and have a bear the Windows desktop tablet. Traffic, so that's the process from 28:40 a used perspective. This is what I need to do. They don't need to go into the admin console going chick with her then rolling off, but that's how we 28:50 how we can do that on a Windows platform unless the application is installed. Close the demo, 28:59 please. Perfect. 29:09

Yes, or no, so they're delivered to that device so that the question is I'm sorry. I'm just going to repeat it for 4000 is that it is is the 29:26 installation of that application assigned to specific user or is it delivered from the membership of an 80 group or something like that? So we do it 29:35 by a delivery group in the endpoint Management Solutions that are attached and Active Directory Group, but you're correct. It's it's 29:44 personal the dabs are delivered to that specific use a person on the device. You have a library 29:53

and you have some prepared for this user needs of the application that this user has been allocated exactly. so 30:03 the whole point here is to make sure that the workspace gets all the policies all the configurations all the applications on all the access delivered 30:13 on that device and from an SSO perspective what we can do when we have that workspace device on the management. We can provide many different types 30:21 off SSO capabilities. Let's go in and look at a few of those right so One thing that we need in order to make this 30:30

happen anyone. That has been working with our netscaler Citrix ATC Gateway service. It has different 30:40 names and resides in different places. So few of you most of the magic around getting access to something providing single sign-on and 30:50 authentication and authorization for that matter that leverages our netscaler Technologies. So where we should have the chill appliances Hotwire 31:00 appliances that you can put on premise to what we're doing now is that we're living to both of you on premise capabilities and the cloud service 31:10

capabilities. Provide you with these technologies that keeps that great user experience. So if we look at the work space as a 31:17 showpiece. Garfield requirements that you need to run through but maybe the most certain without question. 31:27 Sorry. Yep. 31:35 That has possibly been fixed. So this is the combination of endpoint management and receiver basically so that enables us to 31:46 use some of the capabilities from both of these Solutions. Will the high issues with certificate-based authentication and one reason being that we 31:56

could not automatically deploy the certificate and assign it to an application but within pain management in that Loop will be able to configure that 32:04 so that enables us basic needs to do more and that's why in her management is such an important part of making that work space experience really good. 32:12 so but it's just a setup that you can look at and see how does this actually work. But let's say you have your device you have the what face app 32:24 installed. You have a native mobile app install that's been deployed all the information solution, but we don't have any capabilities off actually 32:34

containerized and controlling that application because it's a public App Store application, right? But we can do is that we can connect the Citrus 32:44 identity platform shoe. That's a service. So now we have these two combined and what we can do then is that we can deploy everything through 32:53 the infant management solution. We can then authenticate through the workspace service will then get a token issue that we can use 33:03 and when the user clicks on the Sass mobile application weather that is worth a slack Salesforce excetera. We can intercept that traffic 33:13

redirect and initiate the saml authentication process and at the end of the day what will get a sample of educated session to walk 33:23 celphos athletic. Sandal we can bend deliver that authentication token to that application. and then whoops I'm happy that this 33:33 has a back button. So what basic do you have in fairy is that we provide that authentication token? And now that application can authenticate 33:43 directly so the user won't get prompted to Essentia Kate when accessing Salesforce work they slack Etc. Will you can then with the in 33:53

pain management solution apply platform mobile application management policies on that public app store app partially containerizing. 34:02 The dataflow from that application as well. I'm going back to why in pain management is a good thing when you deplane the workplace solution because 34:12 we can provide more controls for that platform and how and applications interact how policies that apply at how configurations are done it because 34:20 third-party apps they need two things. They need to know who you are three things. Which platform are you on the Salesforce experience deviates if 34:30

you're on a mobile phone or if you want a tablet or if you're in a Windows device so nice to know which device you on secondly he needs to know which 34:38 your sight until you have some sales force has a site that needs to be put in there to know. Okay. This is your cell phones Heidi and asked me if 34:47 you chew your identity. So, you know that yeah, I don't have admin rights within Salesforce when I shouldn't have said those are the three things that 34:57 the the um actually asked to this experience. So this one just shows that you might not have an idiot of a solution on activity. You might have 35:05

October opinion the mix so we can connect to that as well. But it is basically the exact same process that you need to run through. You just 35:14 redirecting to your identity provider. And the same process running through 35:24 the authentication tokens that deliver to the mobile app, and it has access to last a service. So if we look at 35:33 what what do you actually need to do this? So there are few things. I think we started out by saying that there are some items that you need to have 35:43

control over which is your identity provider configure house at connected to all the different services that you want access to. And of course you use 35:50 identities some of the most important pieces in enabling your organization to leverage single sign-on, right? 36:00 But how is the ivp chain control? And how is it constructed so that you don't run into 36:07 problems, which is also an important piece. So let's do a almost live demo again 36:16 because often when people they say all we like your workspace premium post ask you but 36:26

we want we want to take out the the um parte and get a discount for taking that out. There's some reason why it's in there because the way that we 36:35 deliver this experience. It's not it's not because we want to push it out in point management system. It's because it's part of getting the 36:45 experience that you see on our demo booth. So now we're going to show a little demo will be going to take a third party app that needs these three 36:54 things. He needs to know which device it's four. Am I pushing to an Android on I guess it needs to know that the site is a swag application to need to 37:02

know the slight the slack that we belong to and then he needs the identity. So I open 37:12 up the workplace application. So, of course when you do that, you need to authenticate depending on the authentication timers that you have installed 37:21 for configured for your workplace application. But you see I'm locking in I've asked you a certain set of applications. It could be faster this 37:30 application for the web applications. But when I click on the slack application the configuration support to this device that you need to enroll in 37:38

order to do this, so we might have a BYOD device from a corporate perspective. 37:47 I made it goes through the enrollment process. He keeps that off and it passes on the credentials to the end-user won't have to do this again, but we 37:59 cannot really go around the enrollment process from Apple that has naturally. And use a steps included in it. 38:07 So we need to run through that. I put spot in rolls open-top the workplace out. So now you're enrolled now you have 38:16

actually Installing. I will installing the slack application. At the same time what we're doing from an endpoint management perspective is that 38:26 we living things like application context meaning seating that application with the information needed to connect to the site that it needs to connect 38:36 and use effects on the application. Get the first time user experience from Flac. Prompts the user you want to 38:45 sign-in? Yeah, I want to sign in. Now we should get access to that slack Channel all that 38:55

slack site that has been configured by the employment service. However, we're not able to eliminate all images of steps because 39:04 each of these application has their own first time user experience and the user needs to run through this but as you can see no authentication 39:14 problems. only access directly Thank you very much. 39:22 So it could be but in this case we're using the environmental solution at the MGM agent. 39:41 Let's say you have desktop users connected to the same workspace. Do you want a single sign-on in you configured / 2.2 your 39:53

your appoint straight? exactly 40:02 Yeah, they took it so they can't go to the 40:16 pharmacy of integration. But since we already have an authenticated session we can reuse that through the 40:24 identity platform so doesn't really matter which platform that you're coming from. It is more of your authenticated. Let's use that and translate that 40:34 to something that makes that single sign on to your sass service. 40:43 If I want mobile single sign-on like you just showed up with desktops that aren't working late tonight. Does that work for without require a lot extra 40:53

figuration that would probably require some country duration of that configuration you would be able to do with you in pain management solution 41:02 depends on whether is the Nativity installed application Orissa 41:09 left and three and a half minute. 41:15 So 41:25 So secure mail also offers single sign-on capabilities and we have two different options and I encourage you to look at that off in the documentation 41:50 on how to configure that are there a few things you need to do in order to make that cop from anel. Prudential El Paso or perspective another common 41:59

way of doing single sign-on with a secure mail issues certificate-based authentication some configurations both from a implementing 42:07 perspective. But also making sure that you're a certificate provider is configured correctly in the environment solution can actually issue 42:17 certificates during in Roman and so on. So these are the two main ways of doing single sign-on for the secure mail application and it just that you 42:25 would use experience instead of you having to authenticate yourself and every time you take off an application for the first time then lets us to that 42:35

authentication for you. We have you authenticate it within the solution already. So let's pass out on and make sure you have easy access to Yahoo. 42:43 Patience. So Four Sisters files anyone using sisters files in here nice 42:50 places on the different applications, which is really good to see and of course we can do single 42:58 sign-on for the sisters that look at the Citrus files application as well. But the real beauty of these that it's also what you say interact as a 43:08

so-so. I open one of the application. I need something from one of the other application. It just seemed this leaflet to that authenticates 43:16 automatically and provide you with access to the services that that specific application offers. Superman and you suspected I don't need to worry 43:22 about offending hating every time I open a location. I'll try to access a service. 43:31 anyone familiar with our MDX technology that was a bit less. I'm a bit disappointed about that. 43:41

You may need to cut it also provides a lava capabilities from an application connectivity and also from a single sign-on perspective. 43:51 Oh, absolutely. So when it comes to third party app, I know that our development team reaches out to some of the 44:03 nomono map application developers because as yourself a slap there was a lot of screens you got to click even though that we could actually to do so 44:13 users to the right the slack channel. So of course, I know it's something that drives our development you nuts when they see all these user 44:22

interaction because every time you have user interaction something can go wrong. So the mall we can do so more than I we sometimes go out to these 44:29 developers and talk about our STK. How come we actually help you make your application Mo Enterprise ready? When you do a project like this you were 44:37 most likely be in the driving seat of having the communication with that company developing the apps that you want to the 3rd party apps that you want 44:46 to deploy cuz I'm just saying that is something where you as a customer needs to put in some effort in order to get them to deliver and 44:54

enterprise-ready app and we have description on how to do that. So we are all the time. Anything else? I just want to add one thing. You can fill out 45:01 an application to reach out to the local Sixers team have a conversation about with them on how can we use the switch axe terminology embedded in your 45:10 application to provide that security and configuration and a great user experience. There is no sessions. 45:18 Go City sessions. Thank you for coming. 45:28

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN206 - Citrix Endpoint Management: deep dive on SSO”
Available
In cart
Free
Free
Free
Free
Free
Free

Video

Get access to all videos “Citrix Synergy Atlanta 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “IT”?

You might be interested in videos from this event

September 28 2018
Moscow
16
122
app store, apps, development, google play, mobile, soft

Buy this video

Video

Access to the talk “Citrix Synergy TV - SYN206 - Citrix Endpoint Management: deep dive on SSO”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
505 conferences
19653 speakers
7164 hours of content