In a typical desktop-as-a-service environment, applications and desktops are delivered securely to consumers using Citrix NetScaler Gateway technology. To avoid allowing every Active Directory user account to log on to NetScaler Gateway, it is common practice to configure an LDAP search filter so that only customers with a particular group membership are allowed.
CloudPortal Services Manager and its Hosted Apps and Desktops resources give service providers an easy way to manage NetScaler Gateway logon access through a single control plane, without having to touch Active Directory manually.
Here are the steps to enable this:
Create a Hosted Apps and Desktops resource in CPSM
In the CloudPortal Services Manager web portal, navigate to Services -> Hosted Apps and Desktops -> Offering Management and then click the Resources tab. Click New.
Enter the appropriate information and click Save. This creates a new Active Directory security group (default OU: Cortex System / Services / HostedAppsAndDesktops / resources). If an Active Directory security group already exists and is to be reused, select "Find an existing directory" instead of "create a directory name". This will "pin" the HAAD resource to that group.
It is also possible to create a new group and add it as a member of an existing group.
Configure the NetScaler Gateway LDAP policy
The next step is to configure the search filter in the NetScaler Gateway LDAP policy. If the AD group already exists and has been configured previously, this step can be skipped.
Sign in to the NetScaler Gateway interface and navigate to Configuration -> NetScaler Gateway -> Policies -> Authentication -> LDAP.
Go to the Server tab, select the appropriate LDAP profile and click Edit.
In the Search Filter box, type the LDAP search filter for the Active Directory group of the CPSM HAAD resource created previously. The default value is "resource -
An example search filter could be:
&(memberOf=CN=resource - NSGLogonAllowed,OU=resources,OU=HostedAppsandDesktops,OU=Services,OU=Cortex system,DC=mydomain,DC=local)
If the Active Directory groups are nested, it is necessary to add the string "1.2.840.113556.1.4.1941" as an extended match operator, for example:
&(memberOf:1.2.840.113556.1.4.1941:=CN=ctxNSG-LogonAllowed,CN=Users,DC=mydomain,DC=local)
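The difference between the two filters above, as an added example (not from the original article or from Citrix): a small Python model that builds both Search Filter strings and evaluates them against a constructed group hierarchy. The customer group and user DNs are hypothetical, and the evaluator only models the matching behaviour; it does not query Active Directory.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # extended match OID quoted in the text
GROUP = "CN=ctxNSG-LogonAllowed,CN=Users,DC=mydomain,DC=local"  # from the text
# Hypothetical DNs, constructed for this example only.
CUSTOMER = "CN=CustomerA-Users,OU=Customers,DC=mydomain,DC=local"
ALICE = "CN=alice,OU=Customers,DC=mydomain,DC=local"
BOB = "CN=bob,OU=Customers,DC=mydomain,DC=local"
# Constructed memberOf data: alice is a direct member of the logon group,
# bob only reaches it through the nested customer group.
MEMBER_OF = {
    ALICE.lower(): [GROUP],
    BOB.lower(): [CUSTOMER],
    CUSTOMER.lower(): [GROUP],
}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a group DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def gateway_search_filter(group_dn, nested=False):
    """Build the Search Filter string in the '&(...)' form used in the text."""
    rule = ":%s:" % IN_CHAIN if nested else ""
    return "&(memberOf%s=%s)" % (rule, escape_filter_value(group_dn))


def is_member(user_dn, group_dn, member_of, nested=False):
    """Model the match: direct memberOf only, or the whole chain when nested."""
    target = group_dn.lower()
    seen, queue = set(), [user_dn.lower()]
    while queue:
        for parent in member_of.get(queue.pop(), ()):
            parent = parent.lower()
            if parent == target:
                return True
            if nested and parent not in seen:  # follow nested groups, avoid loops
                seen.add(parent)
                queue.append(parent)
    return False


if __name__ == "__main__":
    for nested in (False, True):
        print(gateway_search_filter(GROUP, nested))
        for user in (ALICE, BOB):
            print("  ", user.split(",")[0], is_member(user, GROUP, MEMBER_OF, nested))
```

In this model bob is rejected by the plain memberOf filter and accepted only with the extended match operator, which is the nested-group case the second filter addresses.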
Provision the HAAD resource to resellers, customers and users
Last but not least, the HAAD resource must be provisioned in CloudPortal Services Manager to resellers, their customers and end users.
Once the HAAD resource has been provisioned to the customer, these few configuration steps are complete: logon access to the DaaS environment can be granted to users and consumers from a single pane, without needing direct access to Active Directory.