How to force the user to Authenticate against our Active Directory even when remote on IGEL OS


Greetings Everybody. I feel like this is a ridiculously stupid setup question, so I apologize. Yesterday/this morning we were able to successfully get our ICG up and functional, and have a UD Pocket connected from the outside…so that was a win. What I’m struggling with now is this:

Learn more, read the entire thread inside the IGEL Community o Slack

Onsite, we have our users login to our iGel devices via their AD creds, and then it passes that through to our Citrix system to show which Citrix desktops are available to launch. As such we need to be able to force the user to Authenticate against our Active Directory even when remote, but since they are obviously not on our network, nor have a local IP address they don’t have access to our DNS servers to do that natively. Does anybody else have experience doing this or have guidance / an FAQ I’m not locating to help me through the process? Apologies in advance if I’m missing something completely obvious


That‘s a good question, not stupid at all!!

Well, ICG is a communication which takes only place for Igel configurations. So, and we will see if someone is correcting me, for AD Authentification on the endpoint, you would need a VPN in front of the network or AD.


Hi Sebastien! I appreciate the response. That was kind of where my thought process was going, but that was definitely not how the ICG was being presented to us as a remote use case.


Ok, that‘s odd, Sorry to hear that! We could maybe think about a few ideas but it‘s more a brainstorming:

from what I recall, when using Shared Worklpace (Igel software: kb.igel.com/igelos-11.01.110/en/shared-workplace-16450518.html) the device authenticates through UMS to authenticate against AD. I‘m not sure atm. if I‘m saying something wrong AND if Shared Workplace works through ICG.


Good Information. We’ll see if anybody else has ideas. Until then I’ll keep pondering and see what I can come up with.

So what I think we’ll end up doing is remove the front end AD authentication/authorization and log straight in to the iGel desktop, but immediately force the Citrix Netscaler to pop and have users authenticate against that. This would essentially mirror what a home desktop user would see.

Regarding the rest of the iGel desktop, we’ll just lock it down so that if the UD Pocket was lost, nothing would be immediately accessible/viewable to whomever had it in their posession


That‘s defintely an alternative, yes! Two things to add:

1) they are already a few profiles I created for an Appliance mode „like“, that could help you out (at least a bit): igelcommunity.slack.com/archives/C8GP9JHQE/p1551786208066400?thread_ts=1551229422.044800&channel=C8GP9JHQE&message_ts=1551786208.066400

2) we are planning for a further release a local logon management: cannot say too much atm. but that could maybe help to get it even more secured:

igelcommunity.slack.com/archives/C8GP9JHQE/p1566988061011400?thread_ts=1566987166.005600&channel=C8GP9JHQE&message_ts=1566988061.011400


Netscaler Citrix Access Gateway would do that part for you.

or if you have an older citrix. the Secure Access Gateway.


We ended up launching a bland locked down iGel desktop and then had the Citrix Storefront to pop and will have the user authenticate against that. So we were successful eventually. There was a slightly different need for the Storefront “Path to Store” as well which we got squared away.

Continue reading and comment on the thread ‘How to force the user to Authenticate against our Active Directory even when remote on IGEL OS’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base



Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!


Popular Message Threads


Categories & Tags: