When the Secure Access Client is loaded, users are prompted to log on to the Access Gateway to establish the connection. The Access Gateway administrator determines the type of authentication using the Authentication tab of the Administration Tool, as described in “Configuring Authentication and Authorization” on page 69.
If double-source authentication is configured on the Access Gateway and the users are logging on using full access, they type their user name and passwords for each type of authentication. For example, users are configured to use LDAP authentication and RSA SecurID. They would type their password, their RSA SecurID personal identification number (PIN), and RSA SecureID code. For more information about logging on using double-source authentication, see
“Logging On Using Double-Source Authentication” on page 166.
The Secure Access Client is installed the first time the user logs on to the portal Web page.
Note If you are using the Linux Client, the connection window will not include the options described in the following procedure.
To install the Secure Access Client
1. In a Web browser, type the Web address of the Access Gateway, for example, https://www.mycompany.com.
2. If the Access Gateway requires the user to log on, type the user name and password and click Login.
3. On the Citrix Access Gateway portal page, select My own computer and click Connect.
The user is prompted to install the net6helper.cab ActiveX control.
4. Follow the prompts to install the Secure Access Client.
After installation, an icon appears on the desktop.
To log on to the Access Gateway using the Secure Access Client 1. Double-click the Secure Access Client icon on the desktop
2. In the Citrix Secure Access Client dialog box, users enter their logon credentials.
If the Access Gateway is configured with more than one authentication realm and users need to connect to a realm other than the Default, enter the realm name before your user name (realmName\userName).
If your site uses Secure Computing SafeWord products, type the passcode.
3. If the Access Gateway requires double-source authentication, type the user name and the password for each authentication type.
If your site uses RSA SecurID authentication, your password is your PIN plus the number displayed in the RSA SecurID token.
.
The Secure Access Client dialog box showing double-source authentication
4. If the user needs to change settings, right-click the dialog box and then click Advanced Options. You can change the following settings:
• Web address of the appliance. This also displays the last 10 IP addresses or FQDNs to which the user connected.
• Proxy settings for the client computer. Users can configure automatic proxy server detection or manually configure a proxy server.
• Enabling split DNS. This setting can be set in the Administration Tool. If it is unavailable, the setting cannot be changed. For more information about split DNS, see “Enabling Split DNS” on page 147.
• Disabling security certificate warnings. If you did not install a secure certificate signed by a Certificate Authority, users see a certificate warning when they log on. This setting disables the warning.
The Secure Access Client dialog box with the pop-up menu
5. You can show or hide the secondary password field. To do so, do one of the following:
• If the secondary password is showing in the dialog box, right-click anywhere in the box and in the menu, select Hide Secondary Password.
• If the secondary password is not showing, in the dialog box, right-click anywhere in the box and in the menu, select Show Secondary Password.
Note The password labels in the Secure Access Client dialog box can be changed on the Authentication tab in the Administration Tool. If you hanged the password labels, the text appears in the Secure Access Client dialog box and on the logon Web page. The menu item for showing and hiding the password labels does not change. For more information, see “Changing Password Labels” on page 98.
6. Click Connect.
When the connection is established, a status window briefly appears and the Secure Access Client window is minimized to the notification area. The icon indicates whether the connection is enabled or disabled and flashes during activity.
To view Secure Access Client status properties
Double-click the Secure Access Client connection icon in the notification area.
Alternatively, right-click the icon and choose Properties from the menu.
The Citrix Secure Access Client dialog box appears.
The properties of the connection provide information that is helpful for troubleshooting. The properties include:
• The General tab displays connection information.
• The Details tab displays server information and a list of the secured networks the clients are allowed to access.
• The Access Lists tab displays the access control lists (ACLs) that are configured for the user connection. This tab does not appear for users who are not in a group or if an ACL is not configured for a group.
To close the window, click Close.
To disconnect the Secure Access Client
Right-click the Secure Access icon in the notification area and choose Disconnect from the menu.