
always on vpn before windows logon with user certificate as user tunnel



Hello,

Using the documentation procedure, I’ve been able to configure the machine tunnel using a device certificate and an LDAP authentication for the user tunnel.

Now, instead of using the LDAP authentication, I wish to use a user certificate to connect the user tunnel. If it’s possible, how can I achieve this?

And if yes, will it be possible to use policies and authorization to allow different access to the user?

Thanks


I’m going to say no, because you have to enable the client certificate policy on the AAA. Not sure the AOService is going to react well to that, and you cannot split out to multiple gateways.
However, if you are looking to do a seamless machine to user tunnel transition, if you have Azure AD you could either AAD join or Hybrid join the machine to the Azure AD tenant, then set the next nFactor after AOService to SAML. I have an EPA scan looking at the registry to determine hybrid join status and, if successful, using SAML; if not, then fail back to LDAP.

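A helper added here as an example (not Brian's EPA scan, nor any Citrix-provided code) that reproduces the decision the reply describes: classify the device's join state and route Azure AD or hybrid joined devices to SAML, everything else to LDAP. It assumes the standard key/value output of `dsregcmd /status` rather than the registry location the EPA scan reads, which the thread does not name.

```powershell
# Added example: classify a Windows device's join state the way the EPA
# pre-check in the reply does, so the right nFactor branch (SAML vs. LDAP)
# can be chosen. Assumes the "Key : YES/NO" line format of dsregcmd /status.
function Get-DeviceJoinState {
    param(
        # Accepts captured dsregcmd output so the logic can be dry-run offline.
        [string[]]$StatusLines = (& dsregcmd.exe /status)
    )
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\S+)\s*:\s*(YES|NO)\s*$') {
            $fields[$matches[1]] = ($matches[2] -eq 'YES')
        }
    }
    # Missing keys evaluate to $false, so an unexpected output is "NotJoined".
    $aad    = [bool]$fields['AzureAdJoined']
    $domain = [bool]$fields['DomainJoined']
    if ($aad -and $domain) { return 'HybridJoined' }
    if ($aad)              { return 'AzureAdJoined' }
    if ($domain)           { return 'DomainJoined' }
    return 'NotJoined'
}

# Map the join state to the authentication factor the reply describes:
# SAML for Azure AD / hybrid joined devices, otherwise fall back to LDAP.
function Get-NextFactor {
    param([string]$JoinState)
    switch ($JoinState) {
        'HybridJoined'  { 'SAML' }
        'AzureAdJoined' { 'SAML' }
        default         { 'LDAP' }
    }
}

# Constructed sample output for an offline dry run (not from a real device).
$sample = @(
    '| Device State |',
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CORP'
)
$state = Get-DeviceJoinState -StatusLines $sample
Write-Output "Join state: $state -> next factor: $(Get-NextFactor $state)"
```

Run without `-StatusLines` on the endpoint itself to see what the gateway-side EPA check is expected to observe before the SAML factor is offered.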

On 11/13/2021 at 11:48 PM, Brian Korrow said:

I’m going to say no, because you have to enable the client certificate policy on the AAA. Not sure the AOService is going to react well to that, and you cannot split out to multiple gateways.
However, if you are looking to do a seamless machine to user tunnel transition, if you have Azure AD you could either AAD join or Hybrid join the machine to the Azure AD tenant, then set the next nFactor after AOService to SAML. I have an EPA scan looking at the registry to determine hybrid join status and, if successful, using SAML; if not, then fail back to LDAP.

Do you know of any blog post showing the SAML nFactor approach? I’ve been trying to do this but the policy fails.
