Single Sign-On the Way It Should Be

Single sign-on the way it should be

6 ways Citrix Workspace delivers seamless access to all apps while improving security and the user experience

Single sign-on (SSO) solutions were designed to make life easier for employees and IT.

SSO solutions are meant to reduce the Citrix Workspace helps you unify all cost of management and provide better apps and data across your distributed IT security, all while delivering an improved architecture to provide single sign-on to all user experience. However, many solutions the applications and data your people need fall short, covering only one type or a to be productive. subset of application types. This forces Working with your existing infrastructure, you to implement several access solutions Citrix Secure Private Access consolidates from different vendors to cover your entire application landscape—negating the multiple remote access solutions, like productivity and user experience beneﬁts traditional VPNs or SSO solutions, you hoped for. The complexity this type of simplifying management for IT and implementation creates also runs counter providing uniﬁed access for employees. to the zero trust initiatives that many organizations are undertaking.

Citrix | Single sign-on the way it should be 2

6 beneﬁts of the Citrix Workspace SSO solution

1. VPN-less and Secure Private Access to corporate resources

2. Granular controls for SaaS apps and the web

3. Control over your user identity

4. Security beyond user names and passwords

5. Seamless integration with your existing environment

6. Resolving issues faster with end-to-end visibility

Explore the details of each beneﬁt on the following pages.

Citrix | Single sign-on the way it should be 3

VPN-less and Secure Private Access 1 to corporate resources

Many solutions are limited in the scope of Web Enterprise VDI Cloud Mobile apps apps apps apps apps the application landscape they cover. If you have a solution that covers only your virtual and enterprise apps, for example, you’d need a separate SSO solution to provide access to your web and SaaS applications.

Citrix Workspace simplifies access with SSO to virtual, SaaS, and web apps, as well as to file repositories in the cloud and in your Citrix Secure Private Access datacenter. By reducing the complexity of multiple access solutions like VPNs and SSO, IT can achieve the outcomes to fit their zero trust strategy while enhancing the end-user experience.

Citrix Workspace with Secure Private Access gives you access to all your apps and data

Citrix | Single sign-on the way it should be 4

Granular controls for SaaS 2 apps and the web

Your SSO solution should go beyond basic Admins can blacklist and whitelist URL access and provide you with granular, categories to allow or deny access to contextual controls over SaaS and websites. You can also disable URLs web apps. launched from SaaS apps, or present unknown SaaS apps or web links in a Additionally, unmonitored internet browsing secure browser to isolate them from opens your organization up to risk. Some corporate network or resources. This organizations restrict internet browsing, protects the organization, as malware but this can hamper productivity. distributed through malicious sites never Data protection is a top zero trust outcome touches the corporate infrastructure. most organizations are looking to achieve. Citrix Secure Private Access supports Citrix Secure Private Access helps protect the most popular SaaS apps—including data through enhanced security policies SalesForce, G Suite, Office 365, Zoom, for SaaS and web apps. Controls include Workday, and Expensify—in its restricting copy/paste, printing, and the out-of-the-box catalog. You can ability to download content. You can also use preconfigured application gain control over the navigation bar, templates to easily publish apps back/forward buttons, and mobile and configure single sign-on policies. access, as well as enable watermarking.

Citrix | Single sign-on the way it should be 5

Control over your 3 user identity

Citrix Secure SaaS apps Existing user Private Access including Ofﬁce 365 repository

Federation Services

On premises

SaaS applications like Microsoft Ofﬁce 365, supported identity platforms include Salesforce, Workday, and ADP are becoming Microsoft, Google, and Okta. This is essential to how we work today. In fact, the accomplished through identity federation, average enterprise uses 1,427 distinct using internal SAML or ADFS federation cloud services.1 services to provide the cloud service with a secure trusted token containing a series To provide SSO to these apps—which are of claims about the authenticated user, delivered from the cloud and are outside including their identity. These claims are of the datacenter network—most solutions in turn validated by the cloud services’ require you to move your user directory to own federation services. the cloud, forcing you to rip and replace your existing identity infrastructure. By providing this choice, Citrix empowers Citrix Secure Private Access enables choice, you to leverage your existing investments empowering you to bring your own identity in identity providers while providing to Citrix Workspace. Our rich ecosystem of Secure Private Access to your corporate resources.

Citrix | Single sign-on the way it should be 6

Security beyond user names 4 and passwords

User authentication is becoming Citrix Secure Private Access increasingly important, especially as integrates with and supports all organizations implement business authentication mechanisms and Password continuity plans and have large segments protocols, including RADIUS, TACACS, of their workforce accessing corporate NTLM, Diameter, SAML 2.0, OAuth 2.0, resources remotely. These workers, along and OpenID 2.0. It also supports Azure with partners or contractors who may not be Active Directory for multifactor part of the corporate directory, are working authentication and passwordless + Proof off the corporate network and on personal logins, as well as on-premises Active devices. This makes it crucial to quickly and Directory for two-factor authentication correctly identify the user and authorize using native OTP. their access to corporate resources. Citrix Secure Private Access provides That's why Citrix Secure Private Access capabilities to scan end user devices doesn’t rely on just user names and before and after a user session is = Access passwords. It supports multifactor established. Based on the results of user authentication, which allows IT to have role, user location, and the device posture granular control over who’s accessing the assessment, an administrator can deﬁne corporate network, what’s being accessed, how they want to authenticate and when it’s accessed, and the device used authorize access to their applications. to access it.

Citrix | Single sign-on the way it should be 7

Seamless integration with 5 your existing environment

A single sign-on solution has a lot of touch Citrix Secure Private Access easily integrates points within your environment, from the with your existing infrastructure so that you can user directory, to authentication ensure a great user experience while simplifying mechanisms, to applications and IT management. even end-user devices.

Support all Customize authentication Support all end-user your frontend mechanisms, Support all SSO devices, including application including RADIUS, protocols, including Windows, Mac, portal with your Diameter, Kerberos, SAML, OAuth, Linux, iOS, and organization’s Microsoft NTLM, and OpenID Android platforms own branding TACACS, and form-based

Ease of integration with existing systems was the most important factor when considering enterprise authentication solutions.2

Citrix | Single sign-on the way it should be 8

Resolving issues faster with 6 end-to-end visibility

Because Citrix Secure Private Access With risk indicators and criteria to help provides access across your entire detect user anomalies, you can conﬁgure application landscape, it’s also able to the policy controls to quickly identify and provide the visibility you need to monitor get alerted about bad or risky user behavior, and troubleshoot application delivery and such as users accessing or uploading / user experience issues. downloading information from malicious and risky websites. Automation with Citrix Citrix Analytics, a complementary Analytics can take action on your behalf, component of Citrix Workspace, brings you performing actions like recording sessions, complete end-to-end visibility into all TCP expiring shared document links, or locking and HTTP user sessions. Insight captures the user out of their account. authentication errors due to events like an expired password, locked-out account, Give people the freedom to get work done endpoint scan failure, and any SSO or their way. With Citrix Workspace, you can application launch failures—so that provide true single sign-on across all you can troubleshoot issues faster. applications by replacing traditional VPNs or SSO access solutions. Deliver simpler IT Citrix Analytics also provides continuous management, better security, and an authentication and authorization, a top improved user experience. zero trust outcome for many organizations. Awareness of contextual factors like To learn more, visit citrix.com/workspace. change in location or device can trigger added security controls, such as a second factor of authentication, before granting access to a corporate resource.

Citrix | Single sign-on the way it should be 9

Sources: 1. 12 Must-Know Statistics on Cloud Usage in the Enterprise, Skyhigh Networks. 2. 2017 State of Authentication Report, Javelin.

© 2021 Citrix Systems, Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Ofﬁce and in other countries. All other marks are the property of their respective owner(s).