Configure Support for Citrix XenApp Resources
Configure Support for Citrix XenApp Resources
capam32
You can configure
Privileged Access Manager
to support the following specific resource types in a Citrix XenApp environment:- Citrix StoreFront: Access, transparent (automatic) login, and session recording.
- Citrix XenDesktop: Direct access, transparent (automatic) login, and session recording.
Published XenApp applications
: Direct access and session recording.Transparent login is not currently supported for published Citrix XenApp applications.
This topic has the following contents:
Requirements
Verify that the following requirements are configured in your Citrix XenApp environment:
- HTML5 client is enabled on the Citrix StoreFront store.
- WebSocket connections are enabled on Citrix XenApp and Citrix XenDesktop.
- IfPrivileged Access Managerand Citrix XenApp are in different subnets, configure Citrix StoreFront to allow remote users to access stores through NetScaler Gateway using the Enable Remote Connections task. For more information, see the XenApp documentation for your version of StoreFront.
- By default, concurrent connections by the same user from different IP addresses are not allowed. Because there are use cases where this concurrence might be necessary, there is an option to allow it. For example, your Citrix XenApp environment might have several jump boxes and a load balancer. An end user might run several sessions simultaneously, and the user sessions originate at different jump boxes. If this concurrence is necessary, you can allow concurrent connections. SelectEnabledforConcurrent Remote Connections Allowedon theConfiguration,Security,AccessPage. By default, this setting is set toDisabled.
Configure a Service for Citrix Storefront
Use this procedure to configure a service for Citrix Storefront.
Follow these steps:
- From the Menu bar, selectServices,Manage TCP/UDP Services.
- SelectAdd.
- Complete the following fields:
- Service Name: A unique name, for example, "XenApp_All".
- Ports:StoreFront_PortsWhereStoreFront_Portsare the port numbers for StoreFront, separated by a colon. For example, "80:6513".
- Application Protocol: Web Portal
- Launch URL: https://<Local IP>:<First Port>/Path_to_StoreFrontWherePath_to_StoreFrontis the browser path to StoreFront. For example, "Citrix/Store1Web"
- Browser Type: CA PAM Browser
- Auto-Login Method:PAMHTML Web SSO
- SelectSave.
Configure a Service for XenDesktop
Use this procedure to configure a service for Citrix XenDesktop.
Follow these steps:
- From the Menu bar, selectServices,ManageTCP/UDP Services.
- SelectAdd.
- Complete the following fields:
- Service Name: A unique name, for example, "XenApp_Desktop."
- Ports:XenDesktop_PortsWhereXenDesktop_Ports
- Application Protocol: Web Portal
- Launch URL: https://<Local IP>:<First Port>/Path_to_XenDesktopWherePath_to_XenDesktopis the browser path to XenDesktop. For example, "Citrix/Store2Web"
- Browser Type: CA PAM Browser
- Auto-Login Method:PAMHTML Web SSO
- SelectSave.
- In the StoreFront console, navigate toStores,XenDesktop_Store,Manage Receiver for Web Sites,Configure, Client Interface Settings.Verify that theAuto launch desktopoption is set.
Configure a Service for XenApp Applications
Use this procedure to configure a service for your Citrix XenApp applications.
Follow these steps:
- From the Menu bar, selectServices,ManageTCP/UDP Services.
- SelectADD.
- Complete the following fields:
- Service Name: A unique name, for example, "XenApp_Apps."
- Ports:XenApp_App_PortsWhereXenApp_App_Ports
- Application Protocol: Web Portal
- Launch URL: https://<Local IP>:<First Port>/Path_to_XenApp_AppsWherePath_to_XenApp_Appsis the browser path to your XenApp applications. For example, "Citrix/Store3Web"
- Browser Type: CA PAM Browser
- Auto-Login Method:PAMHTML Web SSO
- SelectSave.
- In the StoreFront console, navigate toStores,XenApp_App_Store,Manage Receiver for Web Sites,Configure, Client Interface Settingsand set theAuto launch desktopsetting.
Configure a Device for XenApp
Use this procedure to configure a device for XenApp.
Follow these steps:
- From the Menu bar, selectDevices,Manage Devices.
- SelectADD.
- Complete the following fields:
- Name: A unique name, for example, "XenApp"
- Address: The IP address of the XenApp server.
- Device Type: Select the following option:Access. Optionally, selectPassword Management.
- Services: SelectAddand select the services that you configured for XenApp resources. In this example,XenApp_All,XenApp_Desktop, andXenApp_Apps.(Accept the default values for other fields.)
- SelectSave.
Configure a Policy for Your XenApp Resources.
Configure a policy to associate your XenApp device and its services with users who require access. If session recording is required, select
Web Portal
from the Recording
options.Multiple users can launch CA PAM Client instances from different XenApp sessions.