Step 2. Configure seamless Single Sign-on with Citrix

Table of Contents



Currently, when a user opens an application for the first time from their workspace, that user will be redirected to the Citrix Storefront and is required to sign in. After authentication, the user can open an application from the Citrix Storefront. 

However, we recommend to configure Single Sign-On (SSO) with Workspace 365 and Citrix via SAML. Citrix Netscaler (version 11.0+) offers a way of redirection via a Responder Policy, which makes it possible to redirect the user directly from the Citrix Storefront to the application from their workspace via the Citrix App Launcher. In this article, we'll walk you through the configuration steps.

Note: Users will see a white screen when the redirect policy is enabled when they access the Citrix Storefront directly.

In summary, users can log into the Citrix Storefront (so without SSO) and open an application from there. Or you can configure the Responder Policy to enable SSO and redirect the user directly to the application, as described in this article.



Step 1. Configure Citrix Federated Authentication Service

More information on how to configure Citrix Federated Authentication Service:


Step 2. Install the Citrix app Launcher and HTLM 5 SDK

For the download files and instructions, visit our downloads page. We recommend to download the most recent version (currently version 3.0). 


Step 3. Configure Responder Policy

  • Configure a new Responder Policy on the Netscaler Gateway

  • Expression:
HTTP.REQ.URL.PATH_AND_QUERY.EQ("/Citrix/WEBURL/") && HTTP.REQ.HEADER("Referer").CONTAINS("/cgi/setclient?wica")
  • WEBURL = e.g "ndawWeb"

Step 4. Configure Responder Action

  • Configure the Responder Action

  • Expression:

Step 5. Bind Responder policy

  • Bind the Responder policy to the Netscaler Gateway Virtual Server


Proceed to step 3 

Back to top