en-US citrix computer

Enhanced Domain passthrough for single sign-on

Citrix Workspace App

Supported on: All Citrix Workspace supported platforms

Description

This policy allows Citrix Workspace app to use Enhanced Domain passthrough for single sign-on. When this policy is enabled, the sign-in credentials (pass-through authentication) from the local machine are used to authenticate to the remote server without exchanging the actual username and password. This policy requires VDA version 2308 or later.

Registry

HKLM Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials

Value name: EnableEnhancedDomainPassthrough

Enabled: EnableEnhancedDomainPassthrough = true

Disabled: EnableEnhancedDomainPassthrough = false

REG Builder

BETA

Configure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.

These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.

.reg file

Windows Registry Editor Version 5.00

; Exported from gporais.com
; Policy: Enhanced Domain passthrough for single sign-on
; State: Enabled
; Supported on: All Citrix Workspace supported platforms

[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"EnableEnhancedDomainPassthrough"="true"