BigBJ

Poll: ThinOS and Microsoft MFA SAML Authentication

Good Day All

My organization is moving to retire our EOL RSA two-factor authentication for externally connected 3040 ThinOS devices in favor of Microsoft Azure MFA. Azure MFA is a SAML-based authentication which requires a browser for pass-through, as the native Citrix receiver has no way of providing a web page to sign on to Azure. The user then gets a prompt (or phone call or text) from the Microsoft Authenticator App to approve the connection. ThinOS needs a lightweight browser to get to a normal Netscaler / Storefront logon page where an .ica file can be downloaded. After the .ica file is downloaded, the client normally has an association with the file type (ThinOS does not have file association types) and knows to open those files with the native receiver to launch, and the .ica file contains all the necessary connection settings.

 

I've brought this up the chain to our Dell reps as a feature set for ThinOS 9, currently slated for December 2019. The Citrix side of our organization recently got Azure MFA working for iOS and native Citrix receiver working by following these write-ups:

https://www.ferroquesystems.com/2019/02/howto-citrix-workspace-app-saml-auth-to-citrix-gateway-via-a...

https://discussions.citrix.com/topic/398621-workspace-app-saml-support/

https://www.carlstalhood.com/citrix-federated-authentication-service-saml/

The issue with ThinOS is we always get a Dell "modified" version of Citrix receiver (in the case of the write-ups we need Citrix Workspace 1903 or 1904 for this to work) that doesn't support all the features of the full native client.

I thought I would reach out to the community and see who is road mapped for using Microsoft Azure MFA who also use ThinOS devices and what your plans are. Maybe if there are enough of us running ThinOS converting to Azure MFA that require this type of enhancement to ThinOS, we can get it pushed up the development ladder for ThinOS 9. I'd much prefer sticking with the over 300 externally deployed teleworker ThinOS devices instead of switching to a 3040 Thin Linux device (which does work with Azure MFA, I've tested already). I don't like the Thin Linux presentation and configuration in WMS 1.3 vs ThinOS.

 

Thanks for taking the time to read and respond.
