
Access to VDI with "Authentication/AD segmentation"


otipaugle

Question

 

Hi all,

 

I have a short question: can we use different credentials to connect to the Web portal (SF) than the ones we will use to connect to the VDI itself?

=> If I connect to the portal with user1@domain1, a VDI (say vdi1) will be presented if user1@domain1 is assigned to a delivery group.

Then the said vdi1 has been provisioned using an XD controller that is a Windows machine and part of a domain (say domain2). So I can provision a VDI on domain2, but how can I provision to user1@domain1 if we consider that these two domains are completely separated (no trust at all)? Domain1 is unknown to the XD, isn't it?

 

Does it make sense in terms of security? What do we lose IF we can do that, apart from SSO? Is there any redirection that won't be working?

 

The other option in discussion is to have a VPN mounted with the user1@domain1 account and then log in to the SF with user1@domain2. But we want to see if we can go even further than this.

 

Is there any other design that would better apply? The purpose is to avoid any transition of credentials between the remote computer's local session (be it a corporate device or not) and the internal VDI.

 

Maybe I must specify that in any case there will be an F5 reverse proxy used to access SF and that all sites (corporate, hotel, BYOD...) are considered remote sites in the design; nothing would be local.

 

Thanks.

O

 


0 answers to this question
