making security even easier

Google authenticator for Citrix Web Interface 5.4 - First Release

I am making available the first release of the previously announced Google authenticator modification for Citrix WI .

The modification is available in two versions and one of them is free. See below the basic comparison 

Features GA for CitrixWI - Free Version GA for CitrixWI - Advanced
Citrix WI version 5.4.x 5.4.x
Installer + +
Possibility of choosing between mandatory or optional second factor authentication + +
Enrolling GA Tokens for users by admin (GA Hash/QR Generator page) + +
User self-enrollment - + (more info here)
Support Public discussion (best effort) 1 year Email support included
Installation Installer Installer and/or manual installation via remote access tools
Price Free USD99

download below

Buy now


The free version of the script is available to download. This time I have compiled all into a "smart" self-extractable archive with configurable options. 


Once installed, a third field will appear on the login screen

For users who do not have an active Google Authentificator account configured for Citrix WI, there are two options. A user may be forced to have one, and in this case he/she will be forwarded to the page below and will be given no access to applications (forced mode).

Or, if not forced, there will be a little warning appearing at the top of the page:



More screenshots available at the promo page



There are basically only 3 options to configure

- Path of the Web Site (by default C:\inetpub\wwwroot\Citrix\XenApp\ )
- Path of the folder where user hashes will be kept (GAStorage)
- Whether to set second factor as a mandatory requirement to use applications (if set, users will not be able to launch any application)

User provisioning

Once the modified scripts have been extracted, you are ready to provision GA tokens for your clients. Provisioning process is as below:
- Generate a user hash using the generator page located at <yoursite>/html/GA-QR_Generator.html
- Scan the generated QR Code with clients Google Authentificator and save it
- Save the generated serverside hash file to GAStorage folder (by default - C:\GAforCWI\GAStorage\ )

Please note, that for the paid version, this can be done by users themselves as described here.

Configuration files

There are only 2 configuration files, both located in the root of the Web Site:
- GAFolder.ini - contains the path of  the hash storage - by default: C:\\GAforCWI\\GAStorage\\   (note the double slashes used)
- GAForce.ini - sets wheter second factor is mandatory (can be set to true or false)



Download the installer from here.


See instructions here


<< Go back to the previous page

G+ profile

follow me : github, habrahabr , linkedin
Feel free to contact me directly :
emin --at huseynov --dot com

Other projects

Google authenticator for Citrix StoreFront
Google authenticator for Citrix Web Interface 5.4
MOTP App with QR based enrolment

Not security related