This is a guest blog post by Jason Hudson, Technical Solutions Architect, and Michele Pelusi, Marketing Manager U.S. at 10ZiG.

Username entered. Password entered. We’re signing in … but wait, what about security? In today’s world, you can never be too careful with your organization’s assets and people, or with access to both. Happily, there are systems and services you can learn about and adopt when developing or updating your group’s authentication process so that it is as strong as it can be. In this post, we’ll touch on multi-factor authentication (MFA), Security Assertion Markup Language (SAML), and single sign-on (SSO): what they mean and how they work within a Citrix environment.

So how can MFA, SAML, and SSO benefit your organization? This post covers users, identity providers (IdPs), and service providers, how they interact with each other, and how the authentication process works between them. At the end of the post, a full video demo shows how it all plays out with a SAML-authenticated SSO from a 10ZiG NOS Zero Citrix Client, including the setup and a demo of Azure SAML, Citrix ADC, and the 10ZiG NOS-C Zero Client:

  • Setting up a Citrix ADC SAML connector in Azure AD
  • Installing the identity provider certificate in the Citrix ADC
  • Configuring a SAML virtual server on the Citrix ADC
  • Configuring an nFactor authentication policy on the Citrix ADC
  • Configuring StoreFront for Citrix ADC Gateway and SAML authentication
  • Test the SAML authentication process using a 10ZiG 6048qc Citrix zero client
  • Troubleshooting SAML authentication issues and solutions with 10ZiG and Citrix

Multi-Factor Authentication (MFA):

There’s a good chance you’ve logged into an account today with your username and password. Multi-factor authentication adds another layer of authentication — a “second factor” — to that process. MFA uses something you know — a username and password — and something you have — for example, an app on your mobile phone — to enhance security. Take Office 365. When MFA is enabled for your Office 365 account and you sign in using something you know (your username and password), you’re contacted by Office 365 on something you have (your mobile device). This contact can come by voice, where you receive a call and verify your identity. You can get a text message with a code to use to complete authentication. And, you can authenticate using a mobile app, which is usually the easiest approach.

What are the benefits of MFA?

  • Enhanced Security: MFA requires many layers in the sign-in process, so it decreases the chances of the wrong people receiving access. They may get through one layer, but not all.
  • Identity Protection: In addition to data, MFA does the job of protecting against identity theft, just by the nature of its procedure. Multiple pieces of required information are much better than one.
  • Effective Cybersecurity: With password thefts increasing, MFA offers peace of mind by making things more complicated for cyber criminals.
  • Cloud-Delivered MFA Option: With ever-changing cybersecurity threats, it is difficult for IT staff to stay current on risks, and the investment in software and equipment can add up. Cloud MFA lets organizations outsource their MFA solutions to experts.

Security Assertion Markup Language (SAML)

SAML authentication streamlines user access to your organization’s apps. An open standard, SAML is often used to provide single sign-on to web-based apps, and organizations can use it for both authentication and authorization. The SAML protocol has three components: the user agent, which typically is the user’s web browser; the service provider, which is the app the user is trying to access; and the IdP.

When configuring SAML federation, you establish a trust relationship between the service provider and the IdP. Users who want to access a service provider must first authenticate into the IdP. If the user successfully authenticates and is authorized, the IdP generates a SAML assertion, which is sent to the app. The app trusts the IdP, so the user is granted access. And, because the user is already authenticated into the IdP, the user can use SSO to access other apps.

The SAML authentication flow can be initiated by the service provider or the IdP. When the flow is initiated by the service provider, there is direct interaction from the user requesting access to a service provider’s app. With an IdP-initiated flow, the user first logs into an IdP portal, then selects from a list of trusted, pre-configured service provider apps.

What are the benefits of SAML?

  • User Experience: Because SAML offers SSO services, it reduces “password fatigue” from managing multiple passwords, offering a better user experience.
  • Ease of Use: SAML enables organizations to manage permission levels and apps access for their users with ease.
  • Security: With SSO through an IdP, user credentials are stored in the more secure IdP rather than with every service provider. Communication between the IdP and the service provider uses SAML tokens, so this is inherently more secure.
  • Platform Neutrality: SAML enables integration with standard services like Azure Active Directory and IdP providers like Google Authenticator or Microsoft Authenticator to provide authentication services.
  • Reduced Administrative Costs: It “reuses” single authentication and reduces the administrative cost of maintaining individual SP account databases by transferring this burden to the IdP.

Single Sign-On (SSO):

SSO enables users to securely authenticate with multiple applications and websites by using a single set of credentials. With it, a user logs in with a single ID for a variety of software systems or programs. They say a true SSO system should be set up so that a user does not have to re-enter authentication factors when accessing services that they need, and only need to sign in once.

SSO helps with regulatory compliance. It’s no secret that organizations must comply with various regulations like SOX, HIPAA, and, more importantly, PCI DSS (Payment Card Industry Data Security Standard). The latter requires enterprises to allot unique IDs to all employees with device/resource access and ensure appropriate verification for external users. Failure to adhere to such a requirement can lead to hefty fines and other repercussions like losing the trust of partners, clients, or even employees. SSO helps you comply with regulations, helping to ensure effective access reporting and secure file sharing.

What are the benefits of SSO?

  • Time Savings: SSO saves time that would otherwise be spent on users re-entering passwords for the same identity over and over again.
  • IT Cost Savings: It reduces IT costs by lowering the number of helpdesk calls about passwords and related requests.
  • Improved Productivity: In addition to saving wasted time and wasted cost, productivity for both end users and IT staff goes up due to fewer logins and lost passwords.
  • Network Security: IT admins know for certain when they disable a user’s account that all is truly disabled due to the consolidation of network management information.

Learn More

Learn more about MFA, SAML, and SSO in our video demo of Azure SAML, Citrix ADC, and the 10ZiG NOS-C Zero Client.

In this video, learn more about the concepts around MFA, SAML, and SSO and how they can benefit your organization.

Finally, you can also learn much more with instructional videos available on the 10ZiG YouTube channel and in the 10ZiG.com video gallery.


About 10ZiG:

10ZiG is a virtual desktop endpoint provider that offers top-quality Thin & Zero Clients for VDI, Cloud, DaaS and SaaS support; centralized management software; exceptional tech support service; and an advance warranty. 10ZiG provides leading Intel and AMD based, dual and quad core Thin & Zero Clients for a variety of environments. The 10ZiG offering includes FREE, no-obligation demo devices and best-in-industry technical support teams in the U.S. and EMEA, and provides, at no cost, the cloud-enabled “The 10ZiG Manager™” with unlimited user licenses.

Get your free demo at sales@10zig.com or sales@10zig.eu or click here to get started.