Jump to content
Welcome to our new Citrix community!

restrict users from accessing Citrix gateway using AD security group

Recommended Posts



My client wants specific security group to access Citrix gateway so i follow the steps on below link



I'm done configuring the above link and the users on the specific security group accessed the Citrix gateway but when i tried to access different user account within the OU where the security group is in, it also give access. What seems to be the problem and solutions to this? 


Also, is it possible to have a nested security group? For example security group inside a security group can have access to Citrix gateway?

Link to comment
Share on other sites

Well, nested groups is about groups inside groups. So if there is a group "logonThroughGateway", members are HR and Finance, and users are members of HA or Finance, you would need nested group extraction.


There is a quick way to do:


Create a group in Citrx ADC with exactly the same name as in AD. Bind your session policy to it. Create an other session policy with a "sorry, you are not allowed" page set as home page. Bind the  Sorry- policy to the gateway with same or higher priority number than the one bound to the group.


Group members will see resources, all the rest will see your sorry page. It's a quick and dirty method, but will probably even do a better job, as all other people won't see a "invalid username or password", but en explanation.


Greetings from Austria


Johannes Norz


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...