For a recent project, we needed users to log on with their accounts from a new domain and then be able to launch a CVAD desktop using SSO within an old legacy domain. In this blog, I’ll describe the steps I took to get this up and running.
First, let us briefly describe the components that were going to be used. Although it’s listed below, I won’t be covering the Citrix FAS configuration in this post. The main focus will be on configuring Authentik SAML in combination with a Citrix NetScaler.
- Authentik as the SAML IdP
- Citrix NetScaler as the SAML SP
- Citrix Federated Authentication Service (FAS) to enable single sign-on (SSO) for CVAD
- The sAMAccountName in the legacy domain was different from the sAMAccountName in the new domain