More Related Content
Similar to Icalogoneng (20)
More from CompaniaDekartSRL
More from CompaniaDekartSRL (20)
Icalogoneng
- 2. Annotation
This document is a general users guide for DEKART Logon for Citrix ICA
Client.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 2
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 3. Contents
1 Terminology (glossary)....................................................................................................................5
2 Function of Dekart Logon for Citrix ICA client ............................................................................6
3 General description..........................................................................................................................6
3.1 Security principles of Dekart Logon for Citrix ICA Client ................................................6
3.2 Features of Dekart Logon for Citrix ICA Client .................................................................6
3.3 Product components ...............................................................................................................6
3.4 System requirements ..............................................................................................................7
4 Installation of Dekart Logon for Citrix ICA Client........................................................................9
5 Updating Dekart Logon for Citrix ICA Client..............................................................................12
6 Removing (un-install) Dekart Logon for Citrix ICA Client .........................................................14
7 Working with Dekart Logon for Citrix ICA Client.......................................................................14
8 Working with Dekart Logon for Citrix ICA Client in management mode ..................................15
8.1 Launch the application in management mode ...................................................................15
8.2 Preparing the KSD for use with the application ................................................................18
8.3 Adding BIO ID to KSD ........................................................................................................19
8.4 Servicing the KSD.................................................................................................................21
8.5 Changing the PIN Code........................................................................................................22
8.6 Changing the BIO ID............................................................................................................23
8.7 Changing the label for the KSD...........................................................................................23
8.8 Clearing the KSD..................................................................................................................23
8.9 Unblocking the KSD .............................................................................................................24
8.10 Operations with ICA-connection list..................................................................................25
8.11 Additions/edits to ICA connections .....................................................................................25
8.12 Deleting ICA-connections from the list...............................................................................25
8.13 Storing an ICA-connection to the KSD...............................................................................26
8.14 Transferring the ICA connection from the list to the KSD...............................................26
8.15 Re-instating the ICA connection in the list, from the KSD ...............................................26
8.16 Connecting to a Citrix server...............................................................................................26
8.17 Transfer from management mode to monitoring mode ....................................................26
8.18 Viewing information regarding Dekart Logon for Citrix ICA Client..............................27
9 Working with Dekart Logon for Citrix ICA Client in monitoring mode .....................................27
9.1 Launch the application in monitoring mode ......................................................................27
9.2 Setting the automatic connection mode ..............................................................................28
9.3 Connecting with a Citrix Server.........................................................................................28
9.4 Disconnecting from the Citrix-server..................................................................................29
9.5 Switching from monitoring mode to management monde ................................................29
9.6 Changing work mode (temporarily turning off monitoring mode) ..................................29
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 3
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 4. 9.7 Viewing information about Dekart Logon for Citrix ICA Client.....................................30
9.8 Exiting Dekart Logon for Citrix ICA Client ......................................................................30
10 Biometric authentication in Dekart Logon for Citrix ICA Client ............................................30
11 Registering Dekart Logon for Citrix ICA Client ......................................................................31
Attachment.............................................................................................................................................32
Device characteristics of KSD (PIN-codes, memory size) .............................................................32
Error messages..................................................................................................................................33
Appearance of window during KSD operations ............................................................................33
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 4
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 5. 1 Terminology (glossary)
Dekart Logon for Citrix ICA Client (DLCIC) – name of the product.
ICA-connection (Citrix ICA connection) – personal data required to access a Citrix
server (address, domain, password, etc.).
KSD (Key Storage Device) – A device where personal information is stored (data
necessary to access and work with a Citrix server). A KSD can be either smart card or
USB token. The KSD can be secured with a PIN code, or can work without PIN.
PIN (Personal Identification Number) – A personal identification number that is
used to access information stored on the KSD. The PIN code length can be from 4 to
8 characters, and should always be memorized, or be in the possession of only the
KSD holder.
Biometric Authentication - user authentication based on verification of specific
physical characteristics of the user by means of special biometric equipment. Biomet-
ric authentication can be based on verification of fingerprints, iris, voice, and other
specific characteristics of human body.
Two-Factor Authentication - this is a process controlling the authenticity of the
user’s identity on the basis of the two following factors: “Something You Have – for
example, the KSD device” and “Something You Know — for example, the user name
and password, PIN-code”.
Three-factor authentication - is a process controlling the authenticity of the user’s
identity on the basis of the three following factors: “Something You Have – for exam-
ple, the KSD”, “Something You Know — for example, the PIN code”, “Something
You are – for example, the user's BIO ID”.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 5
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 6. 2 Scope of Dekart Logon for Citrix ICA client
Dekart Logon for Citrix ICA Client is intended to provide secure access to Citrix
server resources.
3 General description
Dekart Logon for Citrix ICA Client is a combined software and hardware solution
that provides secure user access to a Citrix server, and its resources, by means of
strong (2 and 3 factor) authentication.
3.1 Security principles of Dekart Logon for Citrix ICA Client
1. Security for Dekart Logon for Citrix ICA Client is provided by a KSD (PIN code
protected) that contains the ICA-connection details and user's BIO ID. The user
no longer needs to store the connection data on a hard drive, and three-factor
authentication reduces the risk of information losses in the event that the KSD is
lost or stolen.
2. In order to access a Citrix server and its resources, it is enough to connect the
KSD to the computer, enter the correct PIN Code and pass biometric verification
procedure (voice, fingerprint etc.). When the KSD is removed, the connection to
the Citrix server is terminated.
3. KSD will block upon multiple wrong PIN code entries. Note. Different KSDs
have different error counters, allowing from 3 to 10 attempts to enter the wrong
PIN code before blocking the KSD (see appendix).
3.2 Features of Dekart Logon for Citrix ICA Client
1. Ease of use – it is no longer necessary to remember or enter the access codes to
the Citrix server.
2. Mobility – the ICA-connection is stored on the KSD, and therefore access to the
Citrix server can be gained from any computer. It is enough to connect the KSD
and enter the correct PIN code.
3. Interoperability – the KSD can be used not only for DLCIC, but also for a variety
of additional applications: Dekart Logon and/or Dekart Private Disk, as well as
others.
3.3 Product components
Product components include the application, documentation and the KSD. The KSD
acts as the unique means of access to a Citrix server.
The KSD can be any of the devices below (depends on customer prefer-
ences/requirements)
• Aladdin eToken PRO;
• Aladdin eToken R2;
• Datakey Model 310;
• Datakey Model 330;
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 6
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 7. • Eutron CryptoIdentity ITSEC;
• Eutron CryptoIdentity 4;
• Eutron CryptoIdentity 5;
• GemPlus GPK;
• Rainbow iKey 1000;
• Rainbow iKey 2000;
• Rainbow iKey 2032;
• Rainbow iKey 3000;
• Schlumberger Multiflex;
• Schlumberger Cryptoflex;
• Schlumberger Payflex.
Attention! Before you purchase a USB token or smart card, please make sure that it
has enough memory to store the ICA-connection. Take into account that the part of
KSD memory may be allocated to other data, e.g. BIO ID. You can determine the
memory usage of the card and read the USB token or smart card using the Dekart Key
Manager Utility, as well as delete all unnecessary information using Dekart Key Man-
ager or format the token or smart card using a Key Formatting utility or Corporate
Key formatting utility.
Note1. Certain user characteristics are described in the appendix.
Note2. Dekart delivers all KSDs without a predefined PIN code.
3.4 System requirements
Hardware requirements
• Personal computer, with at least a single port (COM, or USB) for KSD connec-
tion.
• In the event a smart card is utilized, the card reader must be PC/SC compatible.
• If the user prefers to use three-factor authentication, a biometric device should be
used, e.g. BioLink U-Match Mouse.
Software requirements
• Operating System: Windows 98, NT4.0, 2000, ME, XP.
• Citrix ICA Client for Windows 32 bit (Full Program Neighborhood Version 7.00
and higher).
• KSD drivers (usually provided with the product, or can be downloaded from the
KSD manufacturers’ web site.
• Drivers of biometric device.
Note: The Citrix ICA Client must have at least one ICA-connection. During ICA-
connection setup, it is necessary to specify: User name, Password, Domain, and set
flag: Save password.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 7
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 8. Attention!
In order to receive complete information about the Citrix ICA Client (setup, proce-
dures, and other specifics), you should contact Citrix Systems, Inc., or visit their web
site www.citrix.com.
Detailed information about biometric devices, used for authentication (features, soft-
ware etc.) can be obtained from BioAPI Consortium at www.bioapi.org.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 8
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 9. 4 Installation of Dekart Logon for Citrix ICA Client
1. Before beginning installation of the software, you must close all open applica-
tions.
2. In order to enable three-factor authentication, the biometric device should be con-
nected and its drivers should be installed.
Note: If the user hasn't previously installed the software working with biometric
devices, then BioAPI Framework should be installed on the computer before in-
stalling device drivers (the BioAPI Framework can be downloaded from
www.bioapi.org, Implementation section).
3. In order to install Dekart Logon for Citrix ICA Client you must launch the pro-
gram: ICALogon.exe.
4. In the appearing window select Next.
Figure 1
5. The licensing agreement window appears. You must accept the license agreement
before you can proceed with installation.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 9
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 10. Figure 2
6. The next step requires that you enter your personal information, and the serial
number of the product.
Figure 3
7. You must then select the folder where the Dekart Logon for Citrix ICA Client
software is to be installed.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 10
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 11. Figure 4
8. You must then select the folder in the Start Menu, where the Dekart Logon for
Citrix ICA Client software is to be added.
Figure 5
9. The final step in the installation process requires that you press Finish.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 11
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 12. Figure 6
After this process is completed, the program will copy the necessary files, and the in-
stallation procedure will be complete.
Figure 7
The following icon will appear on your desktop, as shown in Figure 8
Figure 8
5 Updating Dekart Logon for Citrix ICA Client
1. The next time you launch the setup program, the installation program will auto-
matically check for the presence of an earlier version, and will display all neces-
sary information in the icon below.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 12
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 13. Figure 9
2. In order to continue the process, you must press Next. You must accept the license
agreement before you can proceed to upgrade.
3. Click the Finish button to terminate the update process.
Figure 10
Upon completion of the above steps, the program will copy the installation files. In
the event that you are updating the application, all updated files will then be copied.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 13
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 14. Figure 11
Note: After updating Dekart Logon for Citrix ICA Client, it is necessary to restart
your computer.
6 Removing (un-installing) Dekart Logon for Citrix ICA Client
In order to remove the software follow these steps:
1. Select Programs menu in Start Menu, locate the folder you have entered in step
7 when installing the program (see par. 4), select Uninstall (alternatively, you can
go to Control Panel, select Add or Remove Programs, select the program name
in the list and press the Uninstall button). The following message will appear:
Figure 12
In order to confirm your intention to remove Dekart Logon for Citrix ICA Client press
Yes.
2. After successful completion of the de-installation process the following message
will appear:
Figure 13
7 Working with Dekart Logon for Citrix ICA Client
The DLCIC application can function in two modes – management mode and monitor-
ing mode. The first mode (management) allows you to setup the KSD for user access
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 14
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 15. to a Citrix server, and to manage the KSD. The second mode (monitoring) enables the
user to easily connect to a Citrix server.
Management mode capabilities:
Change PIN Change the PIN code
Change Label Change KSD label
Change BIO ID Change biometric identifier
Unblock PIN Unblock the PIN code
Clear KSD Clear KSD
Add/Edit Add or edit the ICA-connection parameters
Remove Remove the ICA-connection from the list
Store to KSD Store the ICA-connection on the KSD (without removing
from the list)
Move to KSD Store the ICA-connection on the KSD with simultaneous
removal from the list.
Restore from Restore the ICA-connection from the KSD to the list.
KSD
Connect to… Connect to the Citrix-server in compliance with the ICA-
connection stored on the KSD
Minimize Close the window and transfer from management mode to
monitoring mode.
Exit Close the application
Operations available in Management Mode:
Connect Connection to Citrix server, according to ICA connection
stored on the KSD
Auto Connect Set automatic connection mode on KSD insertion
Restore Change from monitoring mode to management mode
Enable/Disable Enable/disable monitoring mode
Exit Close application
About Information about the application
8 Working with Dekart Logon for Citrix ICA Client in manage-
ment mode
8.1 Launch the application in management mode
1. Attach the KSD to the computer.
2. Launching the application can be accomplished by the following means:
• In the Start Menu select Programs, and then select the folder where the ap-
plication is stored (see step 7 in par.4).
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 15
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 16. Figure 14
• Or, in Windows Explorer, open the folder indicated in par. 6 in the installation
procedure (see par.4).
Figure 15
If the KSD is PIN code protected, you will see a window requesting for the PIN code
before allowing you to access the system.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 16
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 17. Figure 16
3. The user must enter the PIN code and press OK.
Attention! KSD will block upon multiple wrong PIN code entries. Please, be care-
ful.
The number of allowable incorrect entries varies according to the KSD manufac-
turer, and the application.
Note: If the BIO ID is stored on the KSD, the software will automatically detect it
and will attempt to conduct biometric authentication.
After successful authentication you will see the main application window.
Figure 17
If the application is launched without the KSD, then the main application window will
appear as shown in Figure 18:
Figure 18
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 17
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 18. In this case, the user must connect the KSD to the computer, and enter the PIN code,
if necessary.
8.2 Preparing the KSD for use with the application
After launching the software, and connecting a new KSD, and if required, the PIN
code verification (see par 8.1) the following window will appear:
Figure 19
In the left hand side of the table Citrix ICA Connections, all settings for ICA Connec-
tions (from the file appsrv.ini), will be visible. In the right hand portion of the table,
you will see data pertaining to the KSD(s) connect to the computer. In the first col-
umn (Key Storage Device reader) you will see the reader(s) for the KSD (reader(s) for
smart cards or USB tokens). In the second column (KSD Label or ID) – label or ID of
the KSD, in the third column (Custom ICA Connection) – ICA-connection.
Note: if the KSD is new, then in the filed KSD Label or ID, you will see the serial
number of the device. The user can change this parameter later.
1. The user should left-click the KSD name to select the KSD (key storage device)
being used.
Figure 20
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 18
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 19. After this, the Change PIN, Change Label, Change BIO ID, Clear KSD buttons
are activated.
2. Select the ICA-connection in the Citrix ICA Connection field. At this point the
Store to KSD, Move to KSD, Remove buttons are activated.
Figure 21
3. In order to store the ICA-connection on the KSD, the user must press either the
Store to KSD, or Move to KSD. In the first case the ICA-connection will be
listed as an active ICA-connection (see Figure 22), in the second case, the ICA
connection will be deleted from the list. After this procedure, the Restore from
KSD button is activated.
Figure 22
At this point, all preliminary procedures to make the KSD ready for work are com-
pleted.
Note. In order to increase security, it is highly recommended that you assign a PIN
code with the assistance of the “Change PIN” feature.
8.3 Adding BIO ID to KSD
In order to enable three-factor authentication, the KSD should store user's biometric
identifiers.
Note: The choice of biometric device is determined by the physiological characteris-
tics of user and the location of his computer.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 19
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 20. In order to add BIO ID do the following:
1. Click the "Change BIO ID" button in program window. The window with the
list of installed drivers for biometric devices will appear.
Figure 23
2. Check the "Enable Biometric ID verification" checkbox and choose the biomet-
ric device from the list.
3. If the fingerprint scanner is used, e.g. BioLink U-Match, the user will be required
to provide his fingerprints for scanning for several times. As soon as the scanning
procedure is complete, the user's BIO ID is stored on the KSD.
Figure 23
If the voice recognition device is used, e.g. SAFLINK Scansoft Voice Verification,
the user will be required to speak the key phrase into a microphone to create his voice
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 20
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 21. template (Figure 24). After the voice template is created, the information is stored on
the KSD.
Figure 24
8.4 Managing the KSD
In order to change parameters for the KSD and the information stored therein, it is
necessary to do the following:
1. Launch the application, and connect the KSD, then enter the PIN code (see
par.8.1).
2. Using the mouse select the currently used KSD in Key Storage Device (KSD).
Afterwards, the application window will appear as shown in Figure 22. At this point
the user can perform the following functions with the KSD:
• Change the PIN code (see par.8.5);
• Change the label for the KSD (see par.8.7);
• Change BIO ID (see par.8.6);
• Clear the KSD (see par. 8.8);
• Un-block the PIN-code (see par.8.9);
• Change the ICA-connection in the KSD (see par.8.10).
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 21
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 22. 8.5 Changing the PIN Code
In order to change the PIN code, you must perform the following steps:
1. Launch the application (perform all steps in par.8.1).
2. Using the mouse, select the KSD that is currently being used in Key Storage De-
vice (KSD).
3. Then press Change PIN. The following dialog box will appear: (Figure 25).
Figure 25
4. In the field new PIN code, enter the new PIN cod, or leave it blank (in order to
work without a PIN code) then press DE.
Note: The PIN code length varies from 4 to 8 symbols.
5. You will then be prompted to confirm the new PIN code, press DE.
Figure 26
After successful completion of the operation, you will see the following message.
Figure 27
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 22
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 23. 8.6 Changing the BIO ID
In order to change BIO ID (if it has been previously stored on the KSD) do the fol-
lowing:
1. Launch the program.
2. Click the "Change BIO ID" button in the program window. The Change Bio-
metric ID window with the list of installed drivers of biometric devices will ap-
pear, as shown in Figure 23.
3. Select the biometric device from the list.
4. Depending on the type of the selected device enter the required biometric informa-
tion (fingerprint, voice). After the succession of biometric scans, the template will
be stored on the KSD.
Note: In order to stop using biometric authentication, the user should uncheck the
Enable Biometric ID verification checkbox in the Change Biometric ID win-
dow.
8.7 Changing the label for the KSD
The label for the KSD contains the information about the owner of the device. The
field can contain the name of the user, or any other pertinent information you wish to
enter into the field. In order to change the label of the KSD, it is necessary to:
1. Launch the application (complete all steps outlined in par8.1).
2. Using your mouse, select the appropriate KSD in Key Storage Device (KSD).
3. Then press the Change Label button. The following dialog box will appear:
(Figure 28).
Figure 28
3. In the field new Label, you must select the new label for the KSD and press DE.
In order to clear the label new Label, you should leave the field blank and then
press DE (in this case, in the field KSD Label or ID, the serial number will be
stored – see Figure 22).
Note: The KSD label cannot be more than 32 characters long.
8.8 Clearing the KSD
Attention! Performing this operation will erase all data from the device, including
all ICA connections!
In order to perform this operation it is necessary to take the following steps:
1. Launch the application (perform all steps in par. 8.1).
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 23
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 24. 2. Using your mouse, select the KSD being used in Key Storage Device (KSD).
3. Then select Clear KSD. The application will ask you to confirm the operation
(Figure 29).
Figure 29
3. In order to perform the operation, you should pressDE. After performing the op-
eration, the window will appear below (Figure 30)
Figure 30
8.9 Unblocking the KSD
After several incorrect PIN code entries, the KSD will be blocked. In order to unblock
the KSD, you should launch the application, and in the main window select Unblock
PIN.
Figure 31
You will then be prompted to enter the PIN code.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 24
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 25. Figure 32
If the PIN code is incorrectly entered, the KSD will be permanently blocked!
Note: The number of allowable attempts for de-blocking the KSD will vary accord-
ing to the application, and type of KSD.
8.10 Operations with ICA-connection list
After launching the application (see par.8.1), the user may edit the ICA connection
list:
• Add or edit the parameters for a specific ICA connection within the list (see
par.8.11);
• Delete an ICA connection from the list (see par.8.12);
• Store an ICA connection on the KSD (see par. 8.13);
• Transfer an ICA connection to the KSD (see par. 8.14);
• Reinstate an ICA connection from the KSD to the list (see par.8.15).
8.11 Additions/edits to ICA connections
In order to add or edit the parameters for a specific ICA connection in a list
(Add/Edit button is active after launching the application, even if the KSD is not at-
tached).
In order to perform this operation it is necessary to:
1. Launch the application (perform all steps in par 8.1).
2. Press Add/Edit. At this time the Citrix ICA Client application will be launched
(Citrix Program Neighborhood – Custom ICA Connections), which will allow the
user to make the desired changes. After the application Citrix Program Neighbor-
hood – Custom ICA Connections is closed, the DLCIC window will appear.
Note: During ICA-connection addition or editing, it is necessary to specify: User
name, Password, Domain, and set flag: Save password.
8.12 Deleting ICA-connections from the list
In order to delete a specific ICA-connection from the list it is necessary to:
1. Launch the application (perform all steps in par.8.1).
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 25
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 26. 2. Using the mouse, select the ICA-connection from the list: Custom ICA Connec-
tions and press Remove.
3. In order to continue working with the ICA-connection list, you must click on an
empty field in the Key Storage Device (KSD) table, and then once again using the
mouse select the KSD.
8.13 Storing an ICA-connection on the KSD
In order to store a specific ICA-connection from the list on the KSD it is necessary to:
1. Launch the application (perform all of the steps in par.8.1).
2. Using the mouse, select the active KSD in Key Storage Device (KSD).
3. In the Custom ICA Connections list select the required ICA-connection and press
Store to KSD. The selected ICA-connection will appear in the Custom ICA Con-
nection field of the Key Storage Device (KSD) table.
8.14 Transferring the ICA connection from the list to the KSD
In order to transfer a specific ICA connection from the list to the KSD, it is necessary
to:
1. Launch the application (follow all steps in par. 8.1).
2. Using your mouse, select the active KSD in Key Storage Device (KSD).
In the list Custom ICA Connections, using the mouse, select the required ICA connec-
tion, and press Move to KSD. The selected ICA-connection will appear in the Custom
ICA Connection field of the Key Storage Device (KSD) table, and will disappear from
the list of Custom ICA Connections.
8.15 Re-instating the ICA connection in the list, from the KSD
In order to retrieve the ICA connection from the KSD it is necessary to:
1. Launch the application (follow all steps in par. 8.1).
2. Using your mouse, select the active KSD in Key Storage Device (KSD).
3. Press Restore from KSD.
8.16 Connecting to a Citrix server
In order to connect to a Citrix server, it is necessary to follow all of the steps in
par.8.1, select the active KSD in Key Storage Device (KSD), press Connect to….
The connection process to the Citrix server will now begin, corresponding to the pa-
rameters of the ICA connection stored on the KSD.
Note: After successful connection to the Citrix server, the connection stored on the
KSD will be deleted from the list of ICA connections (Custom ICA Connections), if
this has not already been previously done.
8.17 Transfer from management mode to monitoring mode
In order for the application to transfer from the management mode to monitoring
mode, it is necessary to press Minimize, in the main window. Upon completion of
this operation, on the right side of the program status line, the application icon will
appear.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 26
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 27. Figure 33
8.18 Viewing information about Dekart Logon for Citrix ICA Client
In order to view information about the application, it is necessary to press F1 or to
right-click the mouse in the active window heading
Figure 34
A menu will appear (see Figure 34), in which you should select About, About Dekart
Logon for Citrix ICA Client will appear on your screen (see Figure 38). If the user is
using an un-registered version of the application then the window About Dekart
Logon for Citrix ICA Client will appear as it does in Figure 39.
9 Working with Dekart Logon for Citrix ICA Client in monitoring
mode
9.1 Launch the application in monitoring mode
• After installation of DLCIC the application appears in the Startup Menu. There-
fore, upon starting your computer, the application will automatically launch in
monitoring mode.
• The user may also launch the application in monitoring mode by double-clicking
the mouse button on the desktop icon (see Figure 8).
Upon successfully launching the application in monitoring mode, the user will be
prompted to enter the PIN code (if required), after successful verification of the PIN
code, the program icon will appear in the system tray (see Figure 33). If you right-
click the mouse button on the icon, you will then see a list of allowed actions.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 27
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 28. Figure 35
9.2 Setting the automatic connection mode
The software can be set up to provide automatic connection with Citrix server once it
detects the insertion of the KSD:
1. Right click the program icon in the system tray on your taskbar.
2. Left-click the Auto Connect field in the appearing pop-up window. The Connect
field will now be deactivated.
Figure 36
9.3 Connecting with a Citrix Server
After launching the application in monitoring mode, connection to a Citrix server can
be accomplished by one of the following means:
First method
The user must press the left mouse button one time, while positioned on the applica-
tion icon in the right part of the taskbar (see Figure 33).
Second method
• The user must press the right mouse button one time, while positioned on the ap-
plication icon in the right part of the taskbar (see Figure 33).
• In the menu that appears, select Connect.
Third method
The user must press the left mouse button, two times, while positioned on the applica-
tion icon in the right part of the status bar (see Figure 8).
Fourth method
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 28
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 29. If the user has set up the automatic connection mode (see par. 9.2), then the connec-
tion is established only after the KSD is inserted and the user is successfully authenti-
cated (two-factor or three-factor authentication).
After performing the above procedures, the Citrix connection progress window will
appear (see Figure 37).
Figure 37
9.4 Disconnecting from the Citrix-server
In order to disconnect from the Citrix-server, the user needs only to disconnect the
KSD from the computer.
9.5 Switching from monitoring mode to management mode
When DLCIC runs in monitoring mode, the user may require to change the parame-
ters of the ICA-connection, which requires that he switches the application to man-
agement mode. In order to accomplish this, it is necessary to do the following:
• Right click the mouse button on the application icon in status bar (see Figure 33).
• In the menu that appears, select Restore.
After successful completion of the operation, the application window will appear (see
Figure 17).
9.6 Changing work mode (temporarily turning off monitoring mode)
If the user requires that DLCIC should temporarily cease to react to disconnect-
ing/connecting of the KSD to the computer, that is, to temporarily stop the application
from being removed from memory when the KSD is either connected or disconnected,
then the following steps should be performed:
• Right-click on the mouse button, while positioned over the application icon in the
right part of the status bar (see Figure 33).
• In the appearing window, select Disable. After performing this operation, the
menu will display and the Enable menu will become active (the Disable function
in the menu will now be de-activated).
In order to return to the monitoring mode, it is necessary to select Enable, from the
pop-up icon. After completion of this operation, the Disable function will then be ac-
tivated (the Enable function will be de-activated at this point.) - see Figure 35.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 29
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 30. 9.7 Viewing information about Dekart Logon for Citrix ICA Client
In order to view information about the application, it is necessary to select About.
The screen will then display the About Dekart Logon for Citrix ICA Client window.
Note: If the user is using an unregistered copy of the application then the window
About Dekart Logon for Citrix ICA Client will appear as shown in Figure 39.
Figure 38
9.8 Exiting Dekart Logon for Citrix ICA Client
In order to exit from DLCIC and to remove the application from memory it is neces-
sary to:
• Right-click the mouse button while positioned over the application icon in the
right portion of the status bar (see Figure 33).
• In the menu that appears, select Exit.
10 Biometric authentication in Dekart Logon for Citrix ICA Client
If the three-factor authentication is enabled (the Enable Biometric ID verification
checkbox checked in the Change Biometric ID window), the biometric authentica-
tion will be required after the user launches DLCIC, and the PIN for the KSD is suc-
cessfully verified (if the user has set the PIN protection for the KSD). The software
will automatically read the biometric templates stored on the KSD and will offer the
user to provide his biometric data (scan the fingerprints, speak the authentication
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 30
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 31. phrase etc.). In case the BIO ID provided by the user is not identical with the tem-
plates stored on the KSD, the user will be required to repeat the biometric authentica-
tion. Authentication routine will be finished only when the data provided by the user
will be identical to the biometric templates stored on the KSD. The biometric ap-
proach ensures that only authorized user can get access to Citrix-server.
11 Registering Dekart Logon for Citrix ICA Client
In order to register the application, if this has not been done during the installation
procedure, it is necessary to go to the window About Dekart Logon for Citrix ICA Cli-
ent, and enter the registration information in the proper fields.
Figure 39
Please, obtain a registration number at Software Registration (Register) page at
www.dekart.com. In case you use licensed Dekart software, please, submit your li-
cense key to receive your registration number via email. If you use shareware pro-
grams, please, use Dekart Buy on-line page to purchase your registration number. Af-
ter your transaction is processed, you will receive an email with the registration num-
ber.
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 31
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 32. Attachment
Device characteristics of KSD (PIN-codes, memory size)
Table 1
PIN-code for Allowed Allowed
Memory
KSD name applications/ de- wrong PIN attempts to
size (kB)
vice code entries unblock KSD
Aladdin PIN-code
3 3 16, 32, 64
eToken PRO for applications
Aladdin PIN-code
G - 16, 32, 64
eToken R2 for device
Schlumberger PIN-code
3 3 4, 8
Multiflex for applications
Schlumberger PIN-code
3 3 8, 16
Cryptoflex for applications
Schlumberger PIN-code
3 3 4
Payflex for applications
Rainbow PIN-code
3 3 8, 32
iKey 1000 for device
Rainbow PIN-code
10 0 8, 32
iKey 2000 for device
Rainbow PIN-code
10 0 8, 32
iKey 2032 for device
Rainbow PIN-code
3 3 32
iKey 3000 for applications
Eutron
PIN-code
CryptoIdentity 3 3 32
for applications
ITSEC
Eutron PIN-code
3 3 8
CryptoIdentity 4 for applications
Eutron PIN-code
3 3 32, 64
CryptoIdentity 5 for applications
Datakey PIN-code
10 0 8, 32
Model 310 for device
Datakey PIN-code
10 0 8, 32
Model 330 for device
PIN-code
GemPlus GPK 3 3 2, 4, 8, 16
for applications
PIN-code
ruToken 3 12 8, 16, 128
for device
Note 1. Key storage device can have one PIN-code for all Dekart applications, and
another PIN code for other applications, or a single PIN code for the device
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 32
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 33. Note2. Most KSD’s have a maximum number of allowed attempts for entering a
PIN code. When the maximum number of attempts has been achieved, the KSD is
then blocked. If the correct PIN code is entered during the un-blocking operation,
then the KSD will once again be operational. If during the un-blocking operation,
the incorrect PIN code is entered, the KSD will be permanently blocked.
Error messages
Table 2
Error message Possible reason User action
Key Storage Device is KSD (smart-card or USB To- It is necessary to use a
not formatted for Citrix ken) not formatted for KSD formatted for DLCIC.
ICA Client Logon DLCIC.
ATTENTION! Bad Wrong PIN code was entered. It is necessary to repeat the
PIN code was entered! operation, and enter the
correct PIN code.
Attention! Multiple in-
correct PIN code entries
will result in blocking of
the KSD!
The number of allowable
entries for the specific
KSD is specified in Table
1.
Key Storage Device is The KSD is blocked after the In order to un-block the
blocked maximum of allowed at- KSD it is necessary to fol-
tempts has been exceeded. low un-blocking instruc-
tions. «Un-blocking the
KSD» (key Unblock PIN)
or contact your administra-
tor.
Attention! If during the
un-blocking operation,
the incorrect PIN code is
entered, the KSD will be
permanently blocked!
KSD is not blocked yet User presses Unblock PIN No actions are required.
button but KSD is not «Un-block KSD» (key Un-
blocked yet. block PIN) since KSD is
not blocked.
Confirm PIN does not During PIN code change, the It is necessary to repeat the
match entries did not match. operation, and ensure that
both PIN code entries
match.
PIN length must be at The entered PIN code is less It is necessary to repeat the
least 4 symbols than four characters. operation, and enter the
proper length PIN code.
Citrix ICA Client is not The computer does not have It is necessary to install Ci-
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 33
Copyright © Dekart – 2004
All trademarks are the property of their respective owners
- 34. installed. Citrix ICA client installed. trix ICA Client
Error working with An error has occurred while It is necessary to repeat the
Key Storage Device working with the KSD operation. In the event the
problem persists, please
contact the administrator.
Error writing data to An error has occurred while The user should use
the KSD (Not enough writing data KSD. Most likely Dekart Key Manager (or
free space on KSD) cause is not enough free space similar utility) to free space
on the KSD. on the KSD.
ICA Connection is not The operation cannot be com- Using the mouse, select a
selected pleted because not ICA valid ICA connection, and
connection has been selected. repeat the process.
Biometric verification The BIO ID provided by the Repeat biometric verifica-
failed! user is not identical with the tion procedure.
one stored on the KSD.
Note: If you receive any other error messages other than those listed above, please
contact your administrator.
Appearance of window during KSD operations
During any operations with the KSD, you will see a message appear on the screen as
follows: “Key Storage Device Operations. Please wait…”
When the biometric information is read or written from the KSD, the following mes-
sage appears:
Figure 40
DSSSCT File: icalogoneng.doc Ref.: DICALOGON001 Revision: 1.02 Page: 34
Copyright © Dekart – 2004
All trademarks are the property of their respective owners