Your SlideShare is downloading. ×

Icalogoneng

132
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
132
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. DEKART Logon for Citrix ICA Client Users Guide Pages 33 2004
  • 2. Annotation This document is a general users guide for DEKART Logon for Citrix ICAClient.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 2 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 3. Contents1 Terminology (glossary)....................................................................................................................52 Function of Dekart Logon for Citrix ICA client ............................................................................63 General description..........................................................................................................................6 3.1 Security principles of Dekart Logon for Citrix ICA Client ................................................6 3.2 Features of Dekart Logon for Citrix ICA Client .................................................................6 3.3 Product components ...............................................................................................................6 3.4 System requirements ..............................................................................................................74 Installation of Dekart Logon for Citrix ICA Client........................................................................95 Updating Dekart Logon for Citrix ICA Client..............................................................................126 Removing (un-install) Dekart Logon for Citrix ICA Client .........................................................147 Working with Dekart Logon for Citrix ICA Client.......................................................................148 Working with Dekart Logon for Citrix ICA Client in management mode ..................................15 8.1 Launch the application in management mode ...................................................................15 8.2 Preparing the KSD for use with the application ................................................................18 8.3 Adding BIO ID to KSD ........................................................................................................19 8.4 Servicing the KSD.................................................................................................................21 8.5 Changing the PIN Code........................................................................................................22 8.6 Changing the BIO ID............................................................................................................23 8.7 Changing the label for the KSD...........................................................................................23 8.8 Clearing the KSD..................................................................................................................23 8.9 Unblocking the KSD .............................................................................................................24 8.10 Operations with ICA-connection list..................................................................................25 8.11 Additions/edits to ICA connections .....................................................................................25 8.12 Deleting ICA-connections from the list...............................................................................25 8.13 Storing an ICA-connection to the KSD...............................................................................26 8.14 Transferring the ICA connection from the list to the KSD...............................................26 8.15 Re-instating the ICA connection in the list, from the KSD ...............................................26 8.16 Connecting to a Citrix server...............................................................................................26 8.17 Transfer from management mode to monitoring mode ....................................................26 8.18 Viewing information regarding Dekart Logon for Citrix ICA Client..............................279 Working with Dekart Logon for Citrix ICA Client in monitoring mode .....................................27 9.1 Launch the application in monitoring mode ......................................................................27 9.2 Setting the automatic connection mode ..............................................................................28 9.3 Connecting with a Citrix Server.........................................................................................28 9.4 Disconnecting from the Citrix-server..................................................................................29 9.5 Switching from monitoring mode to management monde ................................................29 9.6 Changing work mode (temporarily turning off monitoring mode) ..................................29DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 3 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 4. 9.7 Viewing information about Dekart Logon for Citrix ICA Client.....................................30 9.8 Exiting Dekart Logon for Citrix ICA Client ......................................................................3010 Biometric authentication in Dekart Logon for Citrix ICA Client ............................................3011 Registering Dekart Logon for Citrix ICA Client ......................................................................31Attachment.............................................................................................................................................32 Device characteristics of KSD (PIN-codes, memory size) .............................................................32 Error messages..................................................................................................................................33 Appearance of window during KSD operations ............................................................................33DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 4 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 5. 1 Terminology (glossary)Dekart Logon for Citrix ICA Client (DLCIC) – name of the product.ICA-connection (Citrix ICA connection) – personal data required to access a Citrixserver (address, domain, password, etc.).KSD (Key Storage Device) – A device where personal information is stored (datanecessary to access and work with a Citrix server). A KSD can be either smart card orUSB token. The KSD can be secured with a PIN code, or can work without PIN.PIN (Personal Identification Number) – A personal identification number that isused to access information stored on the KSD. The PIN code length can be from 4 to8 characters, and should always be memorized, or be in the possession of only theKSD holder.Biometric Authentication - user authentication based on verification of specificphysical characteristics of the user by means of special biometric equipment. Biomet-ric authentication can be based on verification of fingerprints, iris, voice, and otherspecific characteristics of human body.Two-Factor Authentication - this is a process controlling the authenticity of theuser’s identity on the basis of the two following factors: “Something You Have – forexample, the KSD device” and “Something You Know — for example, the user nameand password, PIN-code”.Three-factor authentication - is a process controlling the authenticity of the user’sidentity on the basis of the three following factors: “Something You Have – for exam-ple, the KSD”, “Something You Know — for example, the PIN code”, “SomethingYou are – for example, the users BIO ID”.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 5 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 6. 2 Scope of Dekart Logon for Citrix ICA clientDekart Logon for Citrix ICA Client is intended to provide secure access to Citrixserver resources.3 General descriptionDekart Logon for Citrix ICA Client is a combined software and hardware solutionthat provides secure user access to a Citrix server, and its resources, by means ofstrong (2 and 3 factor) authentication.3.1 Security principles of Dekart Logon for Citrix ICA Client1. Security for Dekart Logon for Citrix ICA Client is provided by a KSD (PIN code protected) that contains the ICA-connection details and users BIO ID. The user no longer needs to store the connection data on a hard drive, and three-factor authentication reduces the risk of information losses in the event that the KSD is lost or stolen.2. In order to access a Citrix server and its resources, it is enough to connect the KSD to the computer, enter the correct PIN Code and pass biometric verification procedure (voice, fingerprint etc.). When the KSD is removed, the connection to the Citrix server is terminated.3. KSD will block upon multiple wrong PIN code entries. Note. Different KSDs have different error counters, allowing from 3 to 10 attempts to enter the wrong PIN code before blocking the KSD (see appendix).3.2 Features of Dekart Logon for Citrix ICA Client1. Ease of use – it is no longer necessary to remember or enter the access codes to the Citrix server.2. Mobility – the ICA-connection is stored on the KSD, and therefore access to the Citrix server can be gained from any computer. It is enough to connect the KSD and enter the correct PIN code.3. Interoperability – the KSD can be used not only for DLCIC, but also for a variety of additional applications: Dekart Logon and/or Dekart Private Disk, as well as others.3.3 Product componentsProduct components include the application, documentation and the KSD. The KSDacts as the unique means of access to a Citrix server.The KSD can be any of the devices below (depends on customer prefer-ences/requirements) • Aladdin eToken PRO; • Aladdin eToken R2; • Datakey Model 310; • Datakey Model 330;DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 6 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 7. • Eutron CryptoIdentity ITSEC; • Eutron CryptoIdentity 4; • Eutron CryptoIdentity 5; • GemPlus GPK; • Rainbow iKey 1000; • Rainbow iKey 2000; • Rainbow iKey 2032; • Rainbow iKey 3000; • Schlumberger Multiflex; • Schlumberger Cryptoflex; • Schlumberger Payflex.Attention! Before you purchase a USB token or smart card, please make sure that ithas enough memory to store the ICA-connection. Take into account that the part ofKSD memory may be allocated to other data, e.g. BIO ID. You can determine thememory usage of the card and read the USB token or smart card using the Dekart KeyManager Utility, as well as delete all unnecessary information using Dekart Key Man-ager or format the token or smart card using a Key Formatting utility or CorporateKey formatting utility.Note1. Certain user characteristics are described in the appendix.Note2. Dekart delivers all KSDs without a predefined PIN code.3.4 System requirementsHardware requirements• Personal computer, with at least a single port (COM, or USB) for KSD connec- tion.• In the event a smart card is utilized, the card reader must be PC/SC compatible.• If the user prefers to use three-factor authentication, a biometric device should be used, e.g. BioLink U-Match Mouse.Software requirements• Operating System: Windows 98, NT4.0, 2000, ME, XP.• Citrix ICA Client for Windows 32 bit (Full Program Neighborhood Version 7.00 and higher).• KSD drivers (usually provided with the product, or can be downloaded from the KSD manufacturers’ web site.• Drivers of biometric device.Note: The Citrix ICA Client must have at least one ICA-connection. During ICA-connection setup, it is necessary to specify: User name, Password, Domain, and setflag: Save password.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 7 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 8. Attention!In order to receive complete information about the Citrix ICA Client (setup, proce-dures, and other specifics), you should contact Citrix Systems, Inc., or visit their website www.citrix.com.Detailed information about biometric devices, used for authentication (features, soft-ware etc.) can be obtained from BioAPI Consortium at www.bioapi.org.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 8 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 9. 4 Installation of Dekart Logon for Citrix ICA Client1. Before beginning installation of the software, you must close all open applica- tions.2. In order to enable three-factor authentication, the biometric device should be con- nected and its drivers should be installed. Note: If the user hasnt previously installed the software working with biometric devices, then BioAPI Framework should be installed on the computer before in- stalling device drivers (the BioAPI Framework can be downloaded from www.bioapi.org, Implementation section).3. In order to install Dekart Logon for Citrix ICA Client you must launch the pro- gram: ICALogon.exe. 4. In the appearing window select Next. Figure 15. The licensing agreement window appears. You must accept the license agreement before you can proceed with installation.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 9 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 10. Figure 26. The next step requires that you enter your personal information, and the serial number of the product. Figure 37. You must then select the folder where the Dekart Logon for Citrix ICA Client software is to be installed.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 10 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 11. Figure 48. You must then select the folder in the Start Menu, where the Dekart Logon for Citrix ICA Client software is to be added. Figure 59. The final step in the installation process requires that you press Finish.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 11 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 12. Figure 6After this process is completed, the program will copy the necessary files, and the in-stallation procedure will be complete. Figure 7The following icon will appear on your desktop, as shown in Figure 8 Figure 85 Updating Dekart Logon for Citrix ICA Client1. The next time you launch the setup program, the installation program will auto- matically check for the presence of an earlier version, and will display all neces- sary information in the icon below.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 12 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 13. Figure 92. In order to continue the process, you must press Next. You must accept the license agreement before you can proceed to upgrade.3. Click the Finish button to terminate the update process. Figure 10Upon completion of the above steps, the program will copy the installation files. Inthe event that you are updating the application, all updated files will then be copied.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 13 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 14. Figure 11Note: After updating Dekart Logon for Citrix ICA Client, it is necessary to restartyour computer.6 Removing (un-installing) Dekart Logon for Citrix ICA ClientIn order to remove the software follow these steps:1. Select Programs menu in Start Menu, locate the folder you have entered in step 7 when installing the program (see par. 4), select Uninstall (alternatively, you can go to Control Panel, select Add or Remove Programs, select the program name in the list and press the Uninstall button). The following message will appear: Figure 12In order to confirm your intention to remove Dekart Logon for Citrix ICA Client pressYes.2. After successful completion of the de-installation process the following message will appear: Figure 137 Working with Dekart Logon for Citrix ICA ClientThe DLCIC application can function in two modes – management mode and monitor-ing mode. The first mode (management) allows you to setup the KSD for user accessDSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 14 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 15. to a Citrix server, and to manage the KSD. The second mode (monitoring) enables theuser to easily connect to a Citrix server. Management mode capabilities: Change PIN Change the PIN code Change Label Change KSD label Change BIO ID Change biometric identifier Unblock PIN Unblock the PIN code Clear KSD Clear KSD Add/Edit Add or edit the ICA-connection parameters Remove Remove the ICA-connection from the list Store to KSD Store the ICA-connection on the KSD (without removing from the list) Move to KSD Store the ICA-connection on the KSD with simultaneous removal from the list. Restore from Restore the ICA-connection from the KSD to the list. KSD Connect to… Connect to the Citrix-server in compliance with the ICA- connection stored on the KSD Minimize Close the window and transfer from management mode to monitoring mode. Exit Close the application Operations available in Management Mode: Connect Connection to Citrix server, according to ICA connection stored on the KSD Auto Connect Set automatic connection mode on KSD insertion Restore Change from monitoring mode to management mode Enable/Disable Enable/disable monitoring mode Exit Close application About Information about the application8 Working with Dekart Logon for Citrix ICA Client in manage-ment mode8.1 Launch the application in management mode1. Attach the KSD to the computer.2. Launching the application can be accomplished by the following means: • In the Start Menu select Programs, and then select the folder where the ap- plication is stored (see step 7 in par.4).DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 15 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 16. Figure 14 • Or, in Windows Explorer, open the folder indicated in par. 6 in the installation procedure (see par.4). Figure 15If the KSD is PIN code protected, you will see a window requesting for the PIN codebefore allowing you to access the system.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 16 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 17. Figure 163. The user must enter the PIN code and press OK.Attention! KSD will block upon multiple wrong PIN code entries. Please, be care-ful.The number of allowable incorrect entries varies according to the KSD manufac-turer, and the application.Note: If the BIO ID is stored on the KSD, the software will automatically detect itand will attempt to conduct biometric authentication.After successful authentication you will see the main application window. Figure 17If the application is launched without the KSD, then the main application window willappear as shown in Figure 18: Figure 18DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 17 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 18. In this case, the user must connect the KSD to the computer, and enter the PIN code,if necessary.8.2 Preparing the KSD for use with the applicationAfter launching the software, and connecting a new KSD, and if required, the PINcode verification (see par 8.1) the following window will appear: Figure 19In the left hand side of the table Citrix ICA Connections, all settings for ICA Connec-tions (from the file appsrv.ini), will be visible. In the right hand portion of the table,you will see data pertaining to the KSD(s) connect to the computer. In the first col-umn (Key Storage Device reader) you will see the reader(s) for the KSD (reader(s) forsmart cards or USB tokens). In the second column (KSD Label or ID) – label or ID ofthe KSD, in the third column (Custom ICA Connection) – ICA-connection.Note: if the KSD is new, then in the filed KSD Label or ID, you will see the serialnumber of the device. The user can change this parameter later.1. The user should left-click the KSD name to select the KSD (key storage device) being used. Figure 20DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 18 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 19. After this, the Change PIN, Change Label, Change BIO ID, Clear KSD buttons are activated.2. Select the ICA-connection in the Citrix ICA Connection field. At this point the Store to KSD, Move to KSD, Remove buttons are activated. Figure 213. In order to store the ICA-connection on the KSD, the user must press either the Store to KSD, or Move to KSD. In the first case the ICA-connection will be listed as an active ICA-connection (see Figure 22), in the second case, the ICA connection will be deleted from the list. After this procedure, the Restore from KSD button is activated. Figure 22At this point, all preliminary procedures to make the KSD ready for work are com-pleted.Note. In order to increase security, it is highly recommended that you assign a PINcode with the assistance of the “Change PIN” feature.8.3 Adding BIO ID to KSDIn order to enable three-factor authentication, the KSD should store users biometricidentifiers.Note: The choice of biometric device is determined by the physiological characteris-tics of user and the location of his computer.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 19 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 20. In order to add BIO ID do the following:1. Click the "Change BIO ID" button in program window. The window with the list of installed drivers for biometric devices will appear. Figure 232. Check the "Enable Biometric ID verification" checkbox and choose the biomet- ric device from the list.3. If the fingerprint scanner is used, e.g. BioLink U-Match, the user will be required to provide his fingerprints for scanning for several times. As soon as the scanning procedure is complete, the users BIO ID is stored on the KSD. Figure 23If the voice recognition device is used, e.g. SAFLINK Scansoft Voice Verification,the user will be required to speak the key phrase into a microphone to create his voiceDSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 20 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 21. template (Figure 24). After the voice template is created, the information is stored onthe KSD. Figure 248.4 Managing the KSDIn order to change parameters for the KSD and the information stored therein, it isnecessary to do the following:1. Launch the application, and connect the KSD, then enter the PIN code (see par.8.1).2. Using the mouse select the currently used KSD in Key Storage Device (KSD).Afterwards, the application window will appear as shown in Figure 22. At this pointthe user can perform the following functions with the KSD: • Change the PIN code (see par.8.5); • Change the label for the KSD (see par.8.7); • Change BIO ID (see par.8.6); • Clear the KSD (see par. 8.8); • Un-block the PIN-code (see par.8.9); • Change the ICA-connection in the KSD (see par.8.10).DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 21 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 22. 8.5 Changing the PIN CodeIn order to change the PIN code, you must perform the following steps:1. Launch the application (perform all steps in par.8.1).2. Using the mouse, select the KSD that is currently being used in Key Storage De- vice (KSD).3. Then press Change PIN. The following dialog box will appear: (Figure 25). Figure 254. In the field new PIN code, enter the new PIN cod, or leave it blank (in order to work without a PIN code) then press DE.Note: The PIN code length varies from 4 to 8 symbols.5. You will then be prompted to confirm the new PIN code, press DE. Figure 26After successful completion of the operation, you will see the following message. Figure 27DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 22 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 23. 8.6 Changing the BIO IDIn order to change BIO ID (if it has been previously stored on the KSD) do the fol-lowing:1. Launch the program.2. Click the "Change BIO ID" button in the program window. The Change Bio- metric ID window with the list of installed drivers of biometric devices will ap- pear, as shown in Figure 23.3. Select the biometric device from the list.4. Depending on the type of the selected device enter the required biometric informa- tion (fingerprint, voice). After the succession of biometric scans, the template will be stored on the KSD. Note: In order to stop using biometric authentication, the user should uncheck the Enable Biometric ID verification checkbox in the Change Biometric ID win- dow.8.7 Changing the label for the KSDThe label for the KSD contains the information about the owner of the device. Thefield can contain the name of the user, or any other pertinent information you wish toenter into the field. In order to change the label of the KSD, it is necessary to:1. Launch the application (complete all steps outlined in par8.1).2. Using your mouse, select the appropriate KSD in Key Storage Device (KSD).3. Then press the Change Label button. The following dialog box will appear: (Figure 28). Figure 283. In the field new Label, you must select the new label for the KSD and press DE. In order to clear the label new Label, you should leave the field blank and then press DE (in this case, in the field KSD Label or ID, the serial number will be stored – see Figure 22).Note: The KSD label cannot be more than 32 characters long.8.8 Clearing the KSDAttention! Performing this operation will erase all data from the device, includingall ICA connections!In order to perform this operation it is necessary to take the following steps:1. Launch the application (perform all steps in par. 8.1).DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 23 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 24. 2. Using your mouse, select the KSD being used in Key Storage Device (KSD).3. Then select Clear KSD. The application will ask you to confirm the operation (Figure 29). Figure 293. In order to perform the operation, you should pressDE. After performing the op- eration, the window will appear below (Figure 30) Figure 308.9 Unblocking the KSDAfter several incorrect PIN code entries, the KSD will be blocked. In order to unblockthe KSD, you should launch the application, and in the main window select UnblockPIN. Figure 31You will then be prompted to enter the PIN code.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 24 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 25. Figure 32If the PIN code is incorrectly entered, the KSD will be permanently blocked!Note: The number of allowable attempts for de-blocking the KSD will vary accord-ing to the application, and type of KSD.8.10 Operations with ICA-connection listAfter launching the application (see par.8.1), the user may edit the ICA connectionlist:• Add or edit the parameters for a specific ICA connection within the list (see par.8.11);• Delete an ICA connection from the list (see par.8.12);• Store an ICA connection on the KSD (see par. 8.13);• Transfer an ICA connection to the KSD (see par. 8.14);• Reinstate an ICA connection from the KSD to the list (see par.8.15).8.11 Additions/edits to ICA connectionsIn order to add or edit the parameters for a specific ICA connection in a list(Add/Edit button is active after launching the application, even if the KSD is not at-tached).In order to perform this operation it is necessary to:1. Launch the application (perform all steps in par 8.1).2. Press Add/Edit. At this time the Citrix ICA Client application will be launched (Citrix Program Neighborhood – Custom ICA Connections), which will allow the user to make the desired changes. After the application Citrix Program Neighbor- hood – Custom ICA Connections is closed, the DLCIC window will appear.Note: During ICA-connection addition or editing, it is necessary to specify: Username, Password, Domain, and set flag: Save password.8.12 Deleting ICA-connections from the listIn order to delete a specific ICA-connection from the list it is necessary to:1. Launch the application (perform all steps in par.8.1).DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 25 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 26. 2. Using the mouse, select the ICA-connection from the list: Custom ICA Connec- tions and press Remove.3. In order to continue working with the ICA-connection list, you must click on an empty field in the Key Storage Device (KSD) table, and then once again using the mouse select the KSD.8.13 Storing an ICA-connection on the KSDIn order to store a specific ICA-connection from the list on the KSD it is necessary to:1. Launch the application (perform all of the steps in par.8.1).2. Using the mouse, select the active KSD in Key Storage Device (KSD).3. In the Custom ICA Connections list select the required ICA-connection and press Store to KSD. The selected ICA-connection will appear in the Custom ICA Con- nection field of the Key Storage Device (KSD) table.8.14 Transferring the ICA connection from the list to the KSDIn order to transfer a specific ICA connection from the list to the KSD, it is necessaryto:1. Launch the application (follow all steps in par. 8.1).2. Using your mouse, select the active KSD in Key Storage Device (KSD).In the list Custom ICA Connections, using the mouse, select the required ICA connec-tion, and press Move to KSD. The selected ICA-connection will appear in the CustomICA Connection field of the Key Storage Device (KSD) table, and will disappear fromthe list of Custom ICA Connections.8.15 Re-instating the ICA connection in the list, from the KSDIn order to retrieve the ICA connection from the KSD it is necessary to:1. Launch the application (follow all steps in par. 8.1).2. Using your mouse, select the active KSD in Key Storage Device (KSD).3. Press Restore from KSD.8.16 Connecting to a Citrix serverIn order to connect to a Citrix server, it is necessary to follow all of the steps inpar.8.1, select the active KSD in Key Storage Device (KSD), press Connect to….The connection process to the Citrix server will now begin, corresponding to the pa-rameters of the ICA connection stored on the KSD.Note: After successful connection to the Citrix server, the connection stored on theKSD will be deleted from the list of ICA connections (Custom ICA Connections), ifthis has not already been previously done.8.17 Transfer from management mode to monitoring modeIn order for the application to transfer from the management mode to monitoringmode, it is necessary to press Minimize, in the main window. Upon completion ofthis operation, on the right side of the program status line, the application icon willappear.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 26 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 27. Figure 338.18 Viewing information about Dekart Logon for Citrix ICA ClientIn order to view information about the application, it is necessary to press F1 or toright-click the mouse in the active window heading Figure 34A menu will appear (see Figure 34), in which you should select About, About DekartLogon for Citrix ICA Client will appear on your screen (see Figure 38). If the user isusing an un-registered version of the application then the window About DekartLogon for Citrix ICA Client will appear as it does in Figure 39.9 Working with Dekart Logon for Citrix ICA Client in monitoringmode9.1 Launch the application in monitoring mode• After installation of DLCIC the application appears in the Startup Menu. There- fore, upon starting your computer, the application will automatically launch in monitoring mode.• The user may also launch the application in monitoring mode by double-clicking the mouse button on the desktop icon (see Figure 8).Upon successfully launching the application in monitoring mode, the user will beprompted to enter the PIN code (if required), after successful verification of the PINcode, the program icon will appear in the system tray (see Figure 33). If you right-click the mouse button on the icon, you will then see a list of allowed actions.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 27 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 28. Figure 359.2 Setting the automatic connection modeThe software can be set up to provide automatic connection with Citrix server once itdetects the insertion of the KSD:1. Right click the program icon in the system tray on your taskbar.2. Left-click the Auto Connect field in the appearing pop-up window. The Connect field will now be deactivated. Figure 369.3 Connecting with a Citrix ServerAfter launching the application in monitoring mode, connection to a Citrix server canbe accomplished by one of the following means:First methodThe user must press the left mouse button one time, while positioned on the applica-tion icon in the right part of the taskbar (see Figure 33).Second method• The user must press the right mouse button one time, while positioned on the ap- plication icon in the right part of the taskbar (see Figure 33).• In the menu that appears, select Connect.Third methodThe user must press the left mouse button, two times, while positioned on the applica-tion icon in the right part of the status bar (see Figure 8).Fourth methodDSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 28 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 29. If the user has set up the automatic connection mode (see par. 9.2), then the connec-tion is established only after the KSD is inserted and the user is successfully authenti-cated (two-factor or three-factor authentication).After performing the above procedures, the Citrix connection progress window willappear (see Figure 37). Figure 379.4 Disconnecting from the Citrix-serverIn order to disconnect from the Citrix-server, the user needs only to disconnect theKSD from the computer.9.5 Switching from monitoring mode to management modeWhen DLCIC runs in monitoring mode, the user may require to change the parame-ters of the ICA-connection, which requires that he switches the application to man-agement mode. In order to accomplish this, it is necessary to do the following:• Right click the mouse button on the application icon in status bar (see Figure 33).• In the menu that appears, select Restore.After successful completion of the operation, the application window will appear (seeFigure 17).9.6 Changing work mode (temporarily turning off monitoring mode)If the user requires that DLCIC should temporarily cease to react to disconnect-ing/connecting of the KSD to the computer, that is, to temporarily stop the applicationfrom being removed from memory when the KSD is either connected or disconnected,then the following steps should be performed:• Right-click on the mouse button, while positioned over the application icon in the right part of the status bar (see Figure 33).• In the appearing window, select Disable. After performing this operation, the menu will display and the Enable menu will become active (the Disable function in the menu will now be de-activated).In order to return to the monitoring mode, it is necessary to select Enable, from thepop-up icon. After completion of this operation, the Disable function will then be ac-tivated (the Enable function will be de-activated at this point.) - see Figure 35.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 29 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 30. 9.7 Viewing information about Dekart Logon for Citrix ICA ClientIn order to view information about the application, it is necessary to select About.The screen will then display the About Dekart Logon for Citrix ICA Client window.Note: If the user is using an unregistered copy of the application then the windowAbout Dekart Logon for Citrix ICA Client will appear as shown in Figure 39. Figure 389.8 Exiting Dekart Logon for Citrix ICA ClientIn order to exit from DLCIC and to remove the application from memory it is neces-sary to:• Right-click the mouse button while positioned over the application icon in the right portion of the status bar (see Figure 33).• In the menu that appears, select Exit.10 Biometric authentication in Dekart Logon for Citrix ICA ClientIf the three-factor authentication is enabled (the Enable Biometric ID verificationcheckbox checked in the Change Biometric ID window), the biometric authentica-tion will be required after the user launches DLCIC, and the PIN for the KSD is suc-cessfully verified (if the user has set the PIN protection for the KSD). The softwarewill automatically read the biometric templates stored on the KSD and will offer theuser to provide his biometric data (scan the fingerprints, speak the authenticationDSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 30 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 31. phrase etc.). In case the BIO ID provided by the user is not identical with the tem-plates stored on the KSD, the user will be required to repeat the biometric authentica-tion. Authentication routine will be finished only when the data provided by the userwill be identical to the biometric templates stored on the KSD. The biometric ap-proach ensures that only authorized user can get access to Citrix-server.11 Registering Dekart Logon for Citrix ICA ClientIn order to register the application, if this has not been done during the installationprocedure, it is necessary to go to the window About Dekart Logon for Citrix ICA Cli-ent, and enter the registration information in the proper fields. Figure 39Please, obtain a registration number at Software Registration (Register) page atwww.dekart.com. In case you use licensed Dekart software, please, submit your li-cense key to receive your registration number via email. If you use shareware pro-grams, please, use Dekart Buy on-line page to purchase your registration number. Af-ter your transaction is processed, you will receive an email with the registration num-ber.DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 31 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 32. AttachmentDevice characteristics of KSD (PIN-codes, memory size) Table 1 PIN-code for Allowed Allowed Memory KSD name applications/ de- wrong PIN attempts to size (kB) vice code entries unblock KSD Aladdin PIN-code 3 3 16, 32, 64 eToken PRO for applications Aladdin PIN-code G - 16, 32, 64 eToken R2 for device Schlumberger PIN-code 3 3 4, 8 Multiflex for applications Schlumberger PIN-code 3 3 8, 16 Cryptoflex for applications Schlumberger PIN-code 3 3 4 Payflex for applications Rainbow PIN-code 3 3 8, 32 iKey 1000 for device Rainbow PIN-code 10 0 8, 32 iKey 2000 for device Rainbow PIN-code 10 0 8, 32 iKey 2032 for device Rainbow PIN-code 3 3 32 iKey 3000 for applications Eutron PIN-code CryptoIdentity 3 3 32 for applications ITSEC Eutron PIN-code 3 3 8CryptoIdentity 4 for applications Eutron PIN-code 3 3 32, 64CryptoIdentity 5 for applications Datakey PIN-code 10 0 8, 32 Model 310 for device Datakey PIN-code 10 0 8, 32 Model 330 for device PIN-code GemPlus GPK 3 3 2, 4, 8, 16 for applications PIN-code ruToken 3 12 8, 16, 128 for deviceNote 1. Key storage device can have one PIN-code for all Dekart applications, andanother PIN code for other applications, or a single PIN code for the deviceDSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 32 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 33. Note2. Most KSD’s have a maximum number of allowed attempts for entering aPIN code. When the maximum number of attempts has been achieved, the KSD isthen blocked. If the correct PIN code is entered during the un-blocking operation,then the KSD will once again be operational. If during the un-blocking operation,the incorrect PIN code is entered, the KSD will be permanently blocked.Error messages Table 2 Error message Possible reason User actionKey Storage Device is KSD (smart-card or USB To- It is necessary to use anot formatted for Citrix ken) not formatted for KSD formatted for DLCIC.ICA Client Logon DLCIC.ATTENTION! Bad Wrong PIN code was entered. It is necessary to repeat thePIN code was entered! operation, and enter the correct PIN code. Attention! Multiple in- correct PIN code entries will result in blocking of the KSD! The number of allowable entries for the specific KSD is specified in Table 1.Key Storage Device is The KSD is blocked after the In order to un-block theblocked maximum of allowed at- KSD it is necessary to fol- tempts has been exceeded. low un-blocking instruc- tions. «Un-blocking the KSD» (key Unblock PIN) or contact your administra- tor. Attention! If during the un-blocking operation, the incorrect PIN code is entered, the KSD will be permanently blocked!KSD is not blocked yet User presses Unblock PIN No actions are required. button but KSD is not «Un-block KSD» (key Un- blocked yet. block PIN) since KSD is not blocked.Confirm PIN does not During PIN code change, the It is necessary to repeat thematch entries did not match. operation, and ensure that both PIN code entries match.PIN length must be at The entered PIN code is less It is necessary to repeat theleast 4 symbols than four characters. operation, and enter the proper length PIN code.Citrix ICA Client is not The computer does not have It is necessary to install Ci-DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 33 Copyright © Dekart – 2004 All trademarks are the property of their respective owners
  • 34. installed. Citrix ICA client installed. trix ICA ClientError working with An error has occurred while It is necessary to repeat theKey Storage Device working with the KSD operation. In the event the problem persists, please contact the administrator.Error writing data to An error has occurred while The user should usethe KSD (Not enough writing data KSD. Most likely Dekart Key Manager (orfree space on KSD) cause is not enough free space similar utility) to free space on the KSD. on the KSD.ICA Connection is not The operation cannot be com- Using the mouse, select aselected pleted because not ICA valid ICA connection, and connection has been selected. repeat the process.Biometric verification The BIO ID provided by the Repeat biometric verifica-failed! user is not identical with the tion procedure. one stored on the KSD.Note: If you receive any other error messages other than those listed above, pleasecontact your administrator.Appearance of window during KSD operationsDuring any operations with the KSD, you will see a message appear on the screen asfollows: “Key Storage Device Operations. Please wait…”When the biometric information is read or written from the KSD, the following mes-sage appears: Figure 40DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 34 Copyright © Dekart – 2004 All trademarks are the property of their respective owners