I am making available the first release of the previously announced Google authenticator modification for Citrix WI .
The modification is available in two versions and one of them is free. See below the basic comparison
|Features||GA for CitrixWI - Free Version||GA for CitrixWI - Advanced|
|Citrix WI version||5.4.x||5.4.x|
|Possibility of choosing between mandatory or optional second factor authentication||+||+|
|Enrolling GA Tokens for users by admin (GA Hash/QR Generator page)||+||+|
|User self-enrollment||-||+ (more info here)|
|Support||Public discussion (best effort)||1 year Email support included|
|Installation||Installer||Installer and/or manual installation via remote access tools|
The free version of the script is available to download. This time I have compiled all into a "smart" self-extractable archive with configurable options.
Once installed, a third field will appear on the login screen
For users who do not have an active Google Authentificator account configured for Citrix WI, there are two options. A user may be forced to have one, and in this case he/she will be forwarded to the page below and will be given no access to applications (forced mode).
Or, if not forced, there will be a little warning appearing at the top of the page:
More screenshots available at the promo page
There are basically only 3 options to configure
- Path of the Web Site (by default C:\inetpub\wwwroot\Citrix\XenApp\ )
- Path of the folder where user hashes will be kept (GAStorage)
- Whether to set second factor as a mandatory requirement to use applications (if set, users will not be able to launch any application)
Once the modified scripts have been extracted, you are ready to provision GA tokens for your clients. Provisioning process is as below:
- Generate a user hash using the generator page located at <yoursite>/html/GA-QR_Generator.html
- Scan the generated QR Code with clients Google Authentificator and save it
- Save the generated serverside hash file to GAStorage folder (by default - C:\GAforCWI\GAStorage\ )
Please note, that for the paid version, this can be done by users themselves as described here.
There are only 2 configuration files, both located in the root of the Web Site:
- GAFolder.ini - contains the path of the hash storage - by default: C:\\GAforCWI\\GAStorage\\ (note the double slashes used)
- GAForce.ini - sets wheter second factor is mandatory (can be set to true or false)
Download the installer from here.
See instructions here