Citrix StoreFront authentication in SSO mode

I found something extremely intriguing about StoreFront and authentication and wanted to share it with the community.

Let’s take StoreFront 3.0, although I bet it was there since beginning.

When StoreFront is configured in SSO mode you have two types of authentication:

  1. From the Internet (via NetScaler)
  2. From internal network (no NetScaler involved)

The Internet authentication is pretty straight forward. StoreFront SSO is not active and users must login the old way, with username and password.

Internet Authentication (NO SSO)

The difference can be seen when SSO authentication from internal network is being used and one specific feature is missing. Explicitly.

And apparently, there’s a reason for it.

In StoreFront’s top-right side, there’s a drop-down menu that appears when clicking the user’s name. The drop-down menu is by default populated with the Activate” and “Log Off ” options, but the Administrator can add more options there.

But where’s the “Change password…” option?

Well, I mentioned that this feature is explicitly removed when SSO is active, and the reason is very logic and I’d give lots of Kudos to Citrix for this.

The reason for the missing “Change password…” option is just one: SECURITY.


As mentioned by some friends at Citrix, the logic behind this is quite simple. When an user logs in to his computer and SSO is active, the option is missing in order to protect it’s password, as he might leave his PC unlocked and “a friend” could change the password from StoreFront. And because SSO is active, the “friend” would not be asked for the current password.

If you have like me, clients that need to change passwords from StoreFront, tell them to connect with the alternate login method (Username and Password) and the “Change password…” field will appear where it should be.

2016-02-08_23-02-03_Citrix Receiver - Internet Explorer


2016-02-08_23-02-29_Citrix Receiver - Internet Explorer





Victor an End User Computing Consultant. You find him most of the time on Twitter (@01004753) but also on LinkedIn evangelizing new technologies and processes that can change in good, the world we live in. Victor has expertise in Server & Client Virtualization, Client Management, GPU Virtualization, HyperConvergence and Enterprise Security

Tagged with: ,
Posted in Citrix, HowTo

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow Victor Homocea on
My Gravatar

Storage, Virtualization, Container Orchestration

Marius Sandbu

cu camera pe bord

Stuff about WindowsVirtualDesktop

Ingmar Verheij

About Citrix, Remote Desktop, Performance, Workspace, Monitoring and more...

Carl Stalhood

Filling gaps in EUC vendor documentation

Stéphane Thirion

Don't Follow the Trend

Victor Homocea

Ray Heffer

Enterprise Technologies

Elvis Apostol

Calatorind prin lumi indepartate, pictez in cuvinte, lacrimi de culori.

%d bloggers like this: