Configure the Client Choices page

You can configure NetScaler Gateway to provide users with multiple logon options. By configuring the client choices page, users have the option of logging on from one location with the following choices:

  • Citrix Secure Access client for Windows
  • Citrix Secure Access client for macOS X
  • StoreFront
  • Web Interface
  • Clientless access

Users log on to NetScaler Gateway by using the web address in the certificate bound to NetScaler Gateway or the virtual server. By creating a session policy and profile, you can determine the logon choices users receive. Depending on how you configure NetScaler Gateway, the client choices page displays up to three icons representing the following logon choices:

  • Network Access. When users log on to NetScaler Gateway for the first time by using a web browser and then select Network Access, the download page appears. When users click Download, the plug-in downloads and installs on the user device. When the download and installation is complete, the Access Interface appears. If you install a newer or revert to an older version of NetScaler Gateway, the Citrix Secure Access client for Windows silently upgrades or downgrades to the version on the appliance. If users connect by using the Citrix Secure Access client for Mac, the plug-in silently upgrades if a new appliance version is detected when users log on. This version of the plug-in does not silently downgrade.
  • Web Interface or StoreFront. If users select the Web Interface to log on, the Web Interface page appears. Users can then access their published applications or virtual desktops. If users select StoreFront to log on, Receiver opens, and users can access applications and desktops. Note: If you configure StoreFront as a client choice, applications and desktops do not appear in the left pane of the Access Interface.
  • Clientless access. If users select clientless access to log on, the Access Interface or your customized home page appears. In the Access Interface, users can navigate to file shares, websites, and use Outlook Web Access.

Secure Browse allows users to connect through NetScaler Gateway from an iOS device. If you enable Secure Browse, when users log on by using Secure Hub, Secure Browse disables the client choices page.

Display the Client Choices page at the logon

When you enable the client choices option, users can log on with the Citrix Secure Access client, the Web Interface, Receiver, or clientless access from one webpage after successful authentication to NetScaler Gateway. When the logon is successful, icons appear in the webpage from which users can choose the method to establish a connection.

You can enable client choices without using endpoint analysis or implementing access scenario fallback. If you do not define a client security expression, users receive connection options for the settings that are configured on NetScaler Gateway. If a client security expression exists for the user session and the user device fails the endpoint analysis scan, the choices page offers only the option to use the Web Interface if it is configured. Otherwise, users can use clientless access to log on.

You configure client choices either globally or by using a session profile and policy.

Important:

When configuring client choices, do not configure quarantine groups. User devices that fail the endpoint analysis scan and are quarantined are treated the same as user devices that pass the endpoint scan.
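The warning above can be checked offline against a saved configuration. The following Python script is an added example, not Citrix code: it assumes the ns.conf option names -clientChoices and -clientSecurityGroup (taken here to be the quarantine group setting), treats unset profile options as inherited from the global parameters, and runs over a constructed sample.

```python
import shlex

# Constructed sample in ns.conf syntax (not taken from a real appliance).
SAMPLE_CONF = """\
set vpn parameter -clientChoices OFF
add vpn sessionAction prof_choices -clientChoices ON -clientlessVpnMode OFF -icaProxy OFF
add vpn sessionAction prof_quarantine -clientChoices ON -clientSecurityGroup "quarantine grp"
add vpn sessionAction prof_epa_only -clientSecurityGroup restricted
set vpn sessionAction prof_epa_only -clientChoices ON
"""

def parse_options(tokens):
    """Turn ['-key', 'value', ...] into {'key': 'value'}; keys are lower-cased."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            opts[tokens[i][1:].lower()] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts

def audit_client_choices(conf_text):
    """Return scopes where client choices and a quarantine group are both in effect."""
    global_opts, profiles = {}, {}
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quote: skip the line rather than abort
            continue
        if len(tok) < 3 or tok[0].lower() not in ("add", "set") or tok[1].lower() != "vpn":
            continue
        kind = tok[2].lower()
        if kind == "parameter":  # global settings
            global_opts.update(parse_options(tok[3:]))
        elif kind == "sessionaction" and len(tok) > 3:  # session profile; later 'set' lines merge in
            profiles.setdefault(tok[3], {}).update(parse_options(tok[4:]))
    findings = []
    for name, opts in [("<global>", {})] + sorted(profiles.items()):
        eff = {**global_opts, **opts}  # profile values override global ones
        # Assumption: -clientSecurityGroup is the quarantine group option.
        if eff.get("clientchoices", "OFF").upper() == "ON" and eff.get("clientsecuritygroup"):
            findings.append(name)
    return findings

if __name__ == "__main__":
    for scope in audit_client_choices(SAMPLE_CONF):
        print(f"client choices enabled together with a quarantine group: {scope}")
```

Each reported scope is a profile (or the global settings) to review, because devices that fail the endpoint analysis scan there are handled like devices that pass it.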

Enable client choices options globally

  1. In the GUI, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Global Settings.
  2. In the details pane, under Settings, click Change global settings.
  3. On the Client Experience tab, click Advanced Settings.
  4. On the General tab, click Client Choices, and then click OK.

Enable client choices as part of a session policy

You can also configure client choices as part of a session policy and then bind it to users, groups, and virtual servers.

  1. In the GUI, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Policies, and then click Session.
  2. In the details pane, on the Policies tab, click Add.
  3. In Name, type a name for the policy.
  4. Next to Request Profile, click New.
  5. In Name, type a name for the profile.
  6. On the Client Experience tab, click Advanced.
  7. On the General tab, next to Client Choices, click Override Global, click Client Choices, click OK, and then click Create.
  8. In the Create Session Policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create, and then click Close.

Configure Client Choices options

In addition to enabling client choices by using a session profile and policy, you need to configure the settings for the user software. For example, you want users to log on using either the Citrix Secure Access client, StoreFront or the Web Interface, or clientless access. You create one session profile that enables all three options and client choices. Then, you create a session policy with the expression set to True value with the profile attached. Next, you bind the session policy to a virtual server.

Before creating the session policy and profile, you need to create an authorization group for users.

Create an authorization group

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > User Administration, and then click AAA Groups.
  2. In the details pane, click Add.
  3. In Group Name, type the name of the group.
  4. On the Users tab, select the users, click Add for each one, click Create, and then click Close.

The following procedure is an example session profile for client choices with the Citrix Secure Access client, StoreFront, and clientless access.

Create a session profile for client choices

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Policies > Session.
  2. In the details pane, click the Profiles tab, and then click Add.
  3. In Name, type a name for the profile.
  4. On the Client Experience tab, do the following:
    1. Next to Home Page, click Override Global and then clear Display Home Page. This disables the Access Interface.
    2. Next to Clientless Access, click Override Global, and then select OFF.
    3. Next to Plug-in Type, click Override Global, and then select Windows/Mac OS X.
    4. Click Advanced Settings and next to Client Choices, click Override Global, click Client Choices.
  5. On the Security tab, next to Default Authorization Action, click Override Global and then select ALLOW.
  6. On the Security tab, click Advanced Settings.
  7. Under Authorization Groups, click Override Global, click Add, and then select the group.
  8. On the Published Applications tab, do the following:
    1. Next to ICA Proxy, click Override Global, and then select OFF.
    2. Next to Web Interface Address, click Override Global, and then type the web address of StoreFront, such as http://ipAddress/Citrix/.
    3. Next to Web Interface Portal Mode, click Override Global and then select COMPACT.
    4. Next to Single Sign-On Domain, click Override Global, and then type the name of the domain.
  9. Click Create, and then click Close.

If you want to use the Citrix Secure Access client for Java as a client choice, on the Client Experience tab, in Plug-in Type, select Java. If you select this choice, you must configure an intranet application and set the interception mode to Proxy.

After creating the session profile, create a session policy. Within the policy, select the profile, and set the expression to True value.

To use StoreFront as a client choice, you must also configure the Secure Ticket Authority (STA) on the NetScaler Gateway. The STA is bound to the virtual server.

Note:

If the server running the StoreFront is not available, the Citrix Virtual Apps choice does not appear on the choices page.

Configure the STA server globally

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway, and then click Global Settings.
  2. In the details pane, under Servers, click Bind/Unbind STA Servers to be used by the Secure Ticket Authority.
  3. In the Bind/Unbind STA Servers dialog box, click Add.
  4. In the Configure STA Server dialog box, in URL, type the web address of the STA server, and then click Create.
  5. Repeat Steps 3 and 4 to add more STA servers and then click OK.

Bind the STA to a virtual server

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Virtual Servers.
  2. In the details pane, click a virtual server, and then click Open.
  3. On the Published Applications tab, under Secure Ticket Authority, under Active, select the STA servers and then click OK.

You can also add STA servers on the Published Applications tab.
