Shared Session Mode Settings

This section discusses Shared Session Mode (SSM) and the workflows it supports, as well as the settings that are required to enable QwickAccess for IGEL to use this mode on an IGEL endpoint. Shared Session Mode (SSM) is one of the two modes of operation that are supported by QwickAccess for IGEL, the other being Unique Session Mode (USM).

Important

In addition to SSM settings explained below, you must also set the required Basic Settings. Furthermore, you will need to configure each IGEL endpoint with a username, domain, and password that QwickAccess for IGEL can use to log into Citrix. See the section Additional Required SSM Settings below for instructions on this.

Shared Session Mode is used in the case where an organization hosts Epic Hyperdrive on Citrix and publishes it to IGEL endpoints. When in SSM, QwickAccess for IGEL will automatically launch and log into a Citrix session when the IGEL endpoint is started. This happens without any user interaction. The IGEL endpoint then becomes a kiosk where the same Citrix session can be used by multiple users. In this scenario, when the shared Citrix session is launched, the Epic Hyperdrive application is also launched. Users then can tap-in/out/over in Epic Hyperdrive, but the shared Citrix session stays connected.

Shared Session Mode can be configured using a number of settings to support a variety of workflows. However, since most organizations only use one or two of these workflows, this section will only discuss the settings needed to support the two most common workflows. If you find that your workflow scenario is not covered in this section, please reach out to Identity Automation support for the settings needed to support your desired workflow.

Workflow 1

This section describes one of the most common SSM workflows and the settings needed to enable it in QwickAccess for IGEL. Workflow 1 is as follows.

1. The IGEL endpoint is started.

2. QwickAccess for IGEL starts and uses the username, domain, and password assigned to that endpoint to launch and login to Citrix.

3. Epic Hyperdrive is launched automatically and is displayed on the IGEL endpoint.

4. User1 approaches the IGEL endpoint and taps their badge on the connected RFID reader.

5. User1 is logged into Hyperdrive and can begin their work.

6. When User1 needs to step away from their work, they tap their badge again and Hyperdrive secures (locks). Hyperdrive remains visible on the screen, but is secured.

7. At this point, one of the following can happen:

   1. User1 returns and taps their badge. Hyperdrive is unsecured (unlocked) and the user continues with their work where they left off, or

   2. A second user, User2, walks up and taps their badge. The first user, User1, is logged out of Hyperdrive and User2 is logged in, or

   3. User1 does not return and after a period of time QwickAccess for IGEL automatically logs User1 out of Hyperdrive.

Note that in this workflow Epic Hyperdrive can be in a number of states (logged off, logged on, secured, etc.), but it is always visible on the IGEL endpoint. Whereas in the next workflow, Workflow2, Epic Hyperdrive can be covered by the QwickAccess for IGEL Privacy Screen and therefore not visible in some states.

To configure QwickAccess for IGEL to use Workflow 1 on an IGEL endpoint, follow these steps:

1. Open and log into the IGEL UMS Console app.

2. Find the “QwickAccess for IGEL - Version 1.3.0” profile under the Profiles node of the Console app.

3. Double-click the “QwickAccess for IGEL - Version 1.3.0” profile to open the profile editor.

4. Navigate to System > Firmware Customization > Environment Variables > Additional area of the editor.

5. Edit the Value associated with each Variable name (don’t edit the Variable name, only the Value) to match settings in the table below.

6. Click Save to save your changes.

Important

You will also need to configure each IGEL endpoint with a username, domain, and password that QwickAccess for IGEL can use to log into Citrix. See the section Additional Required SSM Settings below for instructions on this.

Workflow 2

This section describes another common SSM workflow and the settings needed to enable it in QwickAccess for IGEL. Workflow 2 is as follows.

1. The IGEL endpoint is started.

2. QwickAccess for IGEL starts and uses the username, domain, and password assigned to that endpoint to launch and login to Citrix.

3. Epic Hyperdrive is launched automatically.

4. QwickAccess for IGEL shows its “TAP YOUR BADGE” screen. Epic Hyperdrive is not visible but is running behind the “TAP YOUR BADGE” screen.

5. User1 approaches the IGEL endpoint and taps their badge on the connected RFID reader.

6. The “TAP YOUR BADGE” screen is dismissed and User1 is logged into Hyperdrive and can begin their work.

7. When User1 needs to step away from their work, they tap their badge again. Hyperdrive remains unsecured (unlocked) but QwickAccess for IGEL displays its Privacy Screen which prevents anyone from seeing User1’s work.

8. At this point, one of the following can happen:

   1. User1 returns and taps their badge. QwickAccess for IGEL removes its Privacy Screen and the user continues with their work where they left off in Hyperdrive, or

   2. A second user, User2, walks up and taps their badge. The first user, User1, is logged out of Hyperdrive and User2 is logged in, or

   3. User1 does not return and after a period of time QwickAccess for IGEL automatically logs User1 out of Hyperdrive and returns to the “TAP YOUR BADGE” screen.

Note that in this workflow Epic Hyperdrive is not always visible on the IGEL endpoint. Instead, QwickAccess for IGEL displays either the “TAP YOUR BADGE” screen or Privacy Screen depending on the current usage scenario.

To configure QwickAccess for IGEL to use Workflow 2 on an IGEL endpoint, follow these steps:

1. Open and log into the IGEL UMS Console app.

2. Find the “QwickAccess for IGEL - Version 1.3.0” profile under the Profiles node of the Console app.

3. Double-click the “QwickAccess for IGEL - Version 1.3.0” profile to open the profile editor.

4. Navigate to System > Firmware Customization > Environment Variables > Additional area of the editor.

5. Edit the Value associated with each Variable name (don’t edit the Variable name, only the Value) to match settings in the table below.

6. Click Save to save your changes.

Important

You will also need to configure each IGEL endpoint with a username, domain, and password that QwickAccess for IGEL can use to log into Citrix. See the section Additional Required SSM Settings below for instructions on this.

Additional Required SSM Settings

When QwickAccess for IGEL is operating in Shared Session Mode (SSM), it will automatically launch and log into Citrix when the IGEL endpoint is started. However, in order to accomplish this QwickAccess for IGEL must have valid Citrix account credentials (username, password, and domain). In addition, the account must be unique for each IGEL endpoint on which QwickAccess for IGEL is configured for SSM. The reason for this is that if two or more IGEL endpoints share the same account (username/password/domain) then the following scenario is inevitable.

1. IGEL endpoint 1 starts and QwickAccess for IGEL (configured in SSM) starts and uses “username1” (with its associated domain and password) to launch and log into Citrix.

2. IGEL endpoint 2 starts and QwickAccess for IGEL (configured in SSM) starts and also uses “username1” (with its associated domain and password) to launch and log into Citrix.

3. Since endpoint 2 is using the same credentials as endpoint 1, the Citrix session on endpoint 1 is disconnected and moved over to endpoint 2.

4. QwickAccess for IGEL on endpoint 1 recognizes that the Citrix session has been disconnected and therefore launches and logs into Citrix again.

5. This disconnects the Citrix session from endpoint 2 and moves it over to endpoint 1.

6. Now QwickAccess for IGEL on endpoint 2 recognizes that the Citrix session has been disconnected and therefore launches and logs into Citrix again.

As you can see, when QwickAccess for IGEL is using the same account on two or more endpoints, the Citrix session will bounce back and forth between the endpoints continuously.

Therefore, QwickAccess for IGEL (when configured in SSM) must have an account that it can use to log into Citrix that is unique to each endpoint.

We recommend that you create a profile for each endpoint in which each profile contains the account credentials for a particular endpoint. In order to accomplish this, first create a profile that you can use as a template, and then copy the template profile to make a new profile for each endpoint.

Create a Profile Template

1. Open and log into the IGEL UMS Console app.

2. Click System in the upper-left of the app.

3. Choose New > Profile.

4. In the New Profile dialog, for Profile Name, enter “QAX-IGEL SSM Account Template”. For  Description, enter “Use this template as the basis to deploy Citrix account credentials to QwickAccess for IGEL SSM endpoints”. Click OK.

5. When the profile editor window opens, navigate to System > Firmware Customization > Environment Variables > Predefined.

6. Enter three Variable name and Value pairs as shown in the table below.

7. Click Save.

Copy the Profile Template

Next, copy the profile template and configure each copy with unique account information. Note that the domain is likely to be the same across all the copies, so to save yourself some work, you can put the actual domain name in the template so that you don’t need to type that into each copy. In addition, it may be that the password is the same across all the copies. If it is, put the actual password into the template as well.

You will need to make a copy of the profile template for each IGEL endpoint that will have QwickAccess for IGEL running in SSM. Update each copy with a unique username, and if needed, the corresponding password and domain values.

You are now ready to move to the next step, Step 6: Deployment and Test.

All Settings

The All Settings page contains a description for all of the settings that are available for QwickAccess for IGEL.