IGEL OS and VeridiumID -password-less authentication

By Fredrik Brattstig @virtualbrat

I have had the opportunity to test VeridiumID combined with Apple FaceID authentication on IGEL OS. This is a very cool solution for password-less authentication to access your Citrix environment.
It’s very timely in the Work-From-Home scenarios where security and authentication mechanisms are a good way to protect your corporate data.
VeridiumID provides just that, MFA using Apple FaceID and much more. I have enrolled the VeridiumID app on my iPhone and connected it to my user in the Veridium demo environment. The steps to connect the app to the user was very simple:

  • Download the VeridiumID app from app store/google play
  • Enable TouchID/FaceID or Android equivalent
  • Open the VeridiumID app and scan your enrollment QR code (ex received in e-mail)
  • Enter your email address
  • Create a pin code
  • Use the OTP code you will get sent to your email address in the above step
  • Enrollment complete

When the enrollment is complete you simply configure your IGEL OS endpoint to authenticate to your netscaler and get going. For the work from home this configuration can be pushed to all your users endpoints in a matter of a few clicks.

Lets have a look at the IGEL OS configuration of Citrix Workspace App to enable Veridium Authentication:

At Citrix->Citrix Storefront->Server you point out the Netscaler Gateway DNS address
Open up Citrix->Citrix Global->Storefront Login, Set the Authentication type to “Citrix Authentication Mechanism (Instead of IGEL), smartcard disabled” to allow Citrix Workspace app to receive the correct authentication method from the Netscaler and enable the “Auto Login” checkbox. The “Auto Login” allows Workspace App to launch without asking for user credentials. For the users benefit, I also enabled launching the “Demo” desktop automatically.

If you want your users to access the Netscaler using web browser instead, here are the simple web browser configuration (same config apply if you want to user Chromium session instead of the below Firefox session):

For web browser access, simply just point the start page to your Netscaler gateway

As you can see, the configuration needed for IGEL OS is very simple to get your users to start using VeridiumID authentication. VeridiumID supports more authentication options than Touch/FaceID on IPhone, you can find more information on the supported methods on https://veridiumid.com

Potentially ANY service type that can offer VeridiumID authentication can be adopted by IGEL OS, but I focus todays blog on Citrix access.

Read about the VeridiumID integration at the IGEL Ready showcase here: https://www.igel.com/ready/showcase-products/veridiumid/

Below you will find a video on the user experience, enjoy!

#staywell and forget about passwords!

/Fred