≡ Menu
Deep in the Code

Enabling Single Sign-On in Citrix Receiver

Citrix logo

After downloading a new version of Citrix Receiver and installing it, I discovered that the single sign-on (SSO) functionality that used to “just work”, had stopped working.

After hunting through the Local Group Policy Editor, the registry, and the folder in which Citrix was installed, I was able to put together the following instructions. Completing these steps fixed my problem, however, the fole locations may vary somewhat depending on how your Windows and Citrix installations are configured.

Note: The person executing these steps will need local admin rights on the PC.

  1. Add the following site(s) to the Local Intranet zone in Internet Options. (These will be specific to your organization.)
    1. http://yourcitrixwebportal.com
    2. https://yourcitrixwebportal.com
    3. In Internet Explorer, go to Tools –> Internet options.
      On the Security tab, click “Local intranet” in the “Select a zone…” area.
      Internet Options dialog box
      Click the Sites button, and on the next dialog box, click the Advanced button.
      Local intranet zone box
      Add each site above by pasting or typing the URL into the “Add this website…” field and click the Add button for each one. The checkbox requiring HTTPS should be unchecked.
      Local intranet zone - add sites
      Click Close, OK.

      Click the Advanced tab on the Internet Options box. Make sure the “Enable Integrated Windows Authentication” checkbox is checked. If not, check it. (You will also need to reboot the PC if this setting is changed after closing Internet Options.)
      Internet Options box - Advanced tab
      Click OK to close Internet Options.

  2. Copy files from the Citrix Receiver client into the appropriate Windows folder to enable Citrix Group Policies.
    1. Copy CitrixBase.admx and receiver.admx from “C:\Program Files (x86)\Citrix\ICA Client\Configuration” to “C:\Windows\PolicyDefinitions”
    2. Copy CitrixBase.adml and receiver.adml from “C:\Program Files (x86)\Citrix\ICA Client\Configuration\en-US” to “C:\Windows\PolicyDefinitions\en-US”

  3. Click Start –> Run –> type gpedit.msc in the search field and hit Enter to open the Local Group Policy Editor. Find the “User authentication” folder in the left pane under Local Computer Policy –> Computer Configuration –> Administrative Templates –> Citrix Components –> Citrix Receiver. Click “User authentication” to display its settings in the right pane. In the right pane, double click “Local user name and password”. Click the Enabled radio button, and make sure that the “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections” checkboxes are checked. Click OK to close the “Local user name and password” settings box. Close the Local Group Policy Editor.
    Local Group Policy Editor
  4. Reboot the PC.
  5. When opening the Citrix app you may see a box asking to Permit or Block access to local resources. Check the checkbox and select Permit.

About the author: I solve problems. Solutions Architect / Senior Software Engineer / Business Analyst / Full-Stack Developer / IT Generalist