IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.2

Model 3: Generic terminal session

A generic terminal configuration consists of a Server AccessAgent deployed on a generic terminal session.

A generic desktop session is hosted on a dedicated tier of the Citrix or Terminal Server. Different users can share access to applications hosted in the remote session from a thin client machine.

Important: This configuration is intended for thin client users.

In this configuration, thin client machines are constantly connected to the remote terminal session that is logged on to a generic low-privileged Active Directory account.

Server AccessAgent is configured to run in Shared Desktop mode on each terminal session. Users unlock into the terminal session by logging in through the Server AccessAgent ESSO Credential Provider.

This configuration is useful for scenarios where:
  • Applications are active in each terminal session because of long startup times.
  • AccessAgent automatically logs on and logs off different users from applications.

In this configuration, the users can unlock the remote session and log on to a Wallet with either a password or an RFID card.

Model 3 limitations

Consider the following single sign-on limitations in a terminal services deployment with generic terminal sessions:
  • Users can use only RFID as the second authentication factor device.
  • Users cannot roam terminal session.
Parent topic: AccessAgent on Citrix and Terminal Server Guide

Feedback