Citrix Secure Mail is a feature-rich mail client that comes with Citrix Endpoint Management (a.k.a. Citrix XenMobile). With Citrix Secure Mail you can enforce Mobile Application Management (MAM) policies to secure and containerize business data. You can also pre-configure the user's mail account.
When you publish Citrix Secure Mail with default settings (including the user's mail account), the end user is asked to enter their password the first time the Secure Mail app is started, as shown in the following screenshot.
However, it is possible to configure Secure Mail with SSO in a few simple steps, so that users no longer have to enter their password when they start Secure Mail for the first time. In this blog I will show you step-by-step how to configure this.
Autodiscovery
The first step is to configure Citrix XenMobile Autodiscovery. You can do this via the XenMobile tools site (link here). You can find the step-by-step instructions for Autodiscovery here.
For Secure Mail SSO it is important that User ID Type is set to E-mail address on the WorxHome Info page when configuring Autodiscovery. See also the next screenshot.
Client Properties
The second step is to configure and create some Citrix XenMobile Client Properties. Within the Citrix XenMobile admin console go to the settings page.
Open Client Properties
Make sure that the values of ENABLE_PASSCODE_AUTH and ENABLE_PASSWORD_CACHING are set to true
Click the Add button and add the following Client Property:
Key: Custom Key
Key: ENABLE_CREDENTIAL_STORE
Value: true
Name: Credential Store
Description: Credential Store
Click Save
Click the Add button one more time and add the following Client Property:
Key: Custom Key
Key: SEND_LDAP_ATTRIBUTES
Value: userPrincipalName=${user.userprincipalname},sAMAccountNAme=${user.samaccountname},displayName=${user.displayName},mail=${user.mail}
Name: LDAP Attributes
Description: LDAP Attributes for SSON
Click Save
Server Properties
The next step is to create some Citrix XenMobile Server Properties. Within the Citrix XenMobile admin console go to the settings page.
Open the Server Properties page.
Click the Add button
Add the following Server Property:
Key: Custom Key
Key: MAM_MACRO_SUPPORT
Value: true
Display name: MAM Macro Support
Description: MAM Macro Support
Click Save
Restart the XenMobile server via CLI (in case of a XenMobile cluster, restart all the XenMobile nodes).
Configure Citrix Secure Mail
In the final step we need to set some special settings within the Citrix Secure Mail client policies.
Within the Citrix XenMobile admin console navigate to Configure > Apps
Select Secure Mail and click Edit
Open the iOS page (repeat these steps for Android) and browse to App Settings. Make sure the Secure Mail Exchange Server and Secure Mail user domain are empty.
Scroll down a little bit further and configure the following settings:
Initial authentication mechanism: User email address
Initial authentication credentials: userPrincipalName (or sAMAccountName if that is the authentication type used to authenticate against the Exchange Server)
Save the configuration of Secure Mail after also changing the Android settings.
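Before testing, the values entered in the steps above can be cross-checked with a small script. This is an added example, not part of the original post or of any Citrix tooling: the function names are hypothetical, the property values are typed in by hand as dictionaries, and it assumes the SEND_LDAP_ATTRIBUTES value must contain no whitespace around its macros.

```python
import re

# Properties the steps above set to true (names as given on this page).
REQUIRED_TRUE = {
    "client": ["ENABLE_PASSCODE_AUTH", "ENABLE_PASSWORD_CACHING",
               "ENABLE_CREDENTIAL_STORE"],
    "server": ["MAM_MACRO_SUPPORT"],
}
# One entry of SEND_LDAP_ATTRIBUTES: name=${user.attribute}
PAIR = re.compile(r"^([A-Za-z]+)=\$\{user\.([A-Za-z]+)\}$")


def parse_ldap_attributes(value):
    """Return ({name: macro_attribute}, [problems]) for a SEND_LDAP_ATTRIBUTES value."""
    attrs, problems = {}, []
    for raw in value.split(","):
        if re.search(r"\s", raw):
            problems.append(f"whitespace in {raw!r}")
        match = PAIR.match(re.sub(r"\s+", "", raw))
        if match:
            attrs[match.group(1)] = match.group(2)
        else:
            problems.append(f"not name=${{user.attr}}: {raw!r}")
    return attrs, problems


def check_sso_config(client, server, credential_attr):
    """Return findings; an empty list means the values agree with the steps."""
    findings = []
    for scope, props in (("client", client), ("server", server)):
        for key in REQUIRED_TRUE[scope]:
            if str(props.get(key, "")).strip().lower() != "true":
                findings.append(f"{scope} property {key} is not true")
    attrs, problems = parse_ldap_attributes(client.get("SEND_LDAP_ATTRIBUTES", ""))
    findings += [f"SEND_LDAP_ATTRIBUTES: {p}" for p in problems]
    # Compared case-insensitively: the page writes sAMAccountNAme in the
    # property value and sAMAccountName in the app setting.
    if credential_attr.lower() not in {name.lower() for name in attrs}:
        findings.append(f"{credential_attr} is not in SEND_LDAP_ATTRIBUTES")
    return findings


if __name__ == "__main__":
    # Constructed sample: a pasted value with stray spaces, server flag missing.
    client = {"ENABLE_PASSCODE_AUTH": "true", "ENABLE_PASSWORD_CACHING": "true",
              "ENABLE_CREDENTIAL_STORE": "true",
              "SEND_LDAP_ATTRIBUTES": "mail= ${ user.mail} ,displayName=${user.displayName}"}
    for finding in check_sso_config(client, {}, "userPrincipalName"):
        print(finding)
```

Pass the attribute chosen under Initial authentication credentials as credential_attr; an empty result means the client properties, the server property and the app setting are consistent with each other.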
Test the new configuration
For this test I reinstalled Secure Mail so that the new configuration is active immediately.
When I open Secure Mail for the first time I need to Authorize the app as you can see on the right.
After Secure Mail is authorized, it automatically restarts and starts configuring my mail account. A few seconds later the folders are downloading and my mailbox is ready for use without the need to enter my password.