2.13 Configuring Single Sign-on Support for Citrix and Remote Desktop

You can configure the Windows Client to use the single sign-on feature when establishing a connection to Citrix and Remote Desktop servers. When users are authenticated to the Windows domain, they are not prompted for credentials again when they connect to terminal servers such as Citrix StoreFront and Remote Desktop Connection. To achieve this, you must install the Advanced Authentication Windows Client on the terminal server.

NOTE: When single sign-on (SSO) for Remote Desktop is enabled, the Interactive logon: Smart card removal behavior policy is ignored. You must disable SSO for the policy to take effect.

The single sign-on feature is enabled by default for accessing terminal servers, and by default it works irrespective of whether the Advanced Authentication Windows Client is installed on the terminal client.

To enable single sign-on only when the Advanced Authentication Windows Client is installed on the terminal client, perform the following steps:

  1. Open the config.properties file at the C:\ProgramData\NetIQ\Windows Client path.

    If the file does not exist, create a new file.

  2. In the config.properties file, specify sso_aaf_required: true (default value is false).

  3. Save the configuration file.

  4. Restart the operating system.

To completely disable the single sign-on feature, perform the following steps:

  1. Open the config.properties file at the C:\ProgramData\NetIQ\Windows Client path.

    If the file does not exist, create a new file.

  2. In the config.properties file, specify sso_logon_enabled: false.

  3. Save the configuration file.

  4. Restart the operating system.
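
The following PowerShell sketch is an added example, not part of the product or its documentation. It applies either of the two procedures above idempotently and reports the resulting SSO settings so that terminal servers can be audited for drift. The function names Set-AafClientSetting and Get-AafSsoState are hypothetical. The sketch assumes an elevated session, that config.properties sits directly in the folder named in step 1, that it holds one "key: value" entry per line, and that an absent sso_logon_enabled entry means enabled.

```powershell
# Added example: function names are hypothetical, not shipped with the Windows Client.
# Assumption: the file is <folder from step 1>\config.properties, one "key: value" per line.
$ConfigPath = 'C:\ProgramData\NetIQ\Windows Client\config.properties'

function Set-AafClientSetting {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value,
        [string]$Path = $ConfigPath
    )
    # Step 1: create the file if it does not exist.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }
    # Step 2: remove any earlier entry for this key so it is never duplicated,
    # keep every other line untouched, then append the new entry.
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s*:'
    $kept = @(Get-Content -LiteralPath $Path | Where-Object { $_ -notmatch $pattern })
    $kept += "${Name}: $Value"
    # Step 3: save the configuration file.
    Set-Content -LiteralPath $Path -Value $kept -Encoding ASCII
}

function Get-AafSsoState {
    param([string]$Path = $ConfigPath)
    # Defaults when a key is absent: SSO enabled, sso_aaf_required false
    # (the sso_logon_enabled default is inferred from "enabled by default").
    $state = [ordered]@{ sso_logon_enabled = 'true'; sso_aaf_required = 'false' }
    if (Test-Path -LiteralPath $Path) {
        foreach ($line in Get-Content -LiteralPath $Path) {
            if ($line -match '^\s*(sso_logon_enabled|sso_aaf_required)\s*:\s*(\S+)') {
                $state[$Matches[1]] = $Matches[2].ToLower()
            }
        }
    }
    [pscustomobject]$state
}

# Usage (uncomment the procedure you need, then perform step 4):
# Set-AafClientSetting -Name 'sso_aaf_required' -Value 'true'    # SSO only with client installed
# Set-AafClientSetting -Name 'sso_logon_enabled' -Value 'false'  # disable SSO completely
# Get-AafSsoState
# Restart-Computer   # Step 4: restart the operating system
```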