Solutions Brief

VeridiumAD and
Citrix Workspace
Replacing tokens with Biometric authentication
VeridiumAD allows organizations to protect the Citrix Workspace as a part
of the Citrix Secure Digital Perimeter. Using strong biometric
authentication, VeridiumAD lets organizations move from insecure
passwords and costly token-based authentication. Beyond what a user
has or knows, biometric authentication factors help validate who a user
actually is, before granting access to corporate resources.

Citrix Workspace
Only Citrix offers the most complete
and integrated workspace to enable
people to securely access their apps,
desktops, and data from anywhere.
Rely on Windows app and desktop
delivery from XenApp® and
XenDesktop®, device security from
XenMobile®, secure file sync and
sharing with ShareFile®, and network
security with NetScaler ®. Only a Citrix
Workspace offers you complete
choice of device, cloud and network,
streamlined for IT control and simple,
secure access for users.
Solutions Brief VeridiumAD and Citrix Workspace
After several devastating high-publicity breaches and significant
ongoing helpdesk costs,1 many organizations are trying to move
beyond traditional usernames and passwords. Hardware or
software tokens too can be problematic, with high costs and a
complicated user experience. Importantly, usernames and
passwords combined with tokens don’t actually verify identity, they
only signify that a potential user has certain devices and
information, which can all be illicitly obtained.
Using only a smartphone, VeridiumAD provides a software-only solution that captures a variety of
biometrics to authenticate into corporate environments and across the entire Citrix Workspace.
VeridiumAD seamlessly integrates with StoreFront™, NetScaler ®, and ShareFile® to eliminate pass-
words and/or tokens as a part of a two-factor authentication solution. The solution offers secure data
and application access with a fingerprint, face, or other biometric—including Veridium’s own
4 Fingers TouchlessID. The result is a convenient and cost-effective alternative to traditional login
methods that actually verifies identity—who a user is—rather than just what they have or what they
know.
VeridiumAD—secure biometric authentication for Citrix environments
Identity is the claim a user makes to access information, but making that claim with a username and
password doesn’t actually prove who is making the access request. Passwords and even tokens only
authorize access, while true authentication is the process of actually verifying the identity claim. Only
biometrics—your face, your voice, your fingerprints—prove you are who you say you are.
Biometrics—proving who is making an access request
Biometrics replaces what you know (passwords and PINs) or have (hardware or software tokens) with
who you are. Unfortunately, deploying biometrics widely has been hampered by a lack of computer
systems equipped with biometric interfaces. By using sophisticated biometric capabilities on smart-
phones, VeridiumAD can replace passwords altogether, or deploy biometrics as a second factor to
strengthen legacy systems. Where available, VeridiumAD makes use of native support for biometrics
on various devices and smartphone operating systems, including:
• Touch ID and Face ID on mobile devices running Apple iOS
• Fingerprint and Face Unlock on devices running Google Android
1. Microsoft now estimates that it spends over $2M per month in helpdesk calls for password resets.
(http://money.cnn.com/2018/03/18/technology/biometrics-workplace/index.html)
citrixready.citrix.com 2

The Citrix Ready® Program
The Citrix Ready Program showcases
verified products that are trusted to
enhance Citrix solutions for mobility,
virtualization, networking and cloud
platforms. The Citrix Ready
designation is awarded to third-party
partners that have successfully met
test criteria set by Citrix, and gives
customers added confidence in the
compatibility of the joint solution
offering.
Solutions Brief VeridiumAD and Citrix Workspace
For legacy smart devices without biometric capabilities, Veridium developed its own biometric tech-
nology that is even more secure than native touch verification. Veridium 4 Fingers TouchlessID offers
secure contactless fingerprint verification with no additional hardware required. The technology sup-
ports all smartphones with a 5 Megapixel rear-facing camera.
4 Fingers TouchlessID has demonstrated an extremely low false rejection rate through independent
testing. Software testing firm iBeta found a false match rate of less than 0.1% at 95% confidence.
Michigan State University also tested the technology in India on subjects with worn fingerprints,
including construction workers, farmers, and the elderly. Their results showed a false rejection rate of
0.34% and a false acceptance rate of 0.1%. The National Institute of Standards and Technology (NIST)
is currently developing a standard for contactless fingerprinting in conjunction with the FBI. Veridium
is the first mobile technology vendor to join the NIST CRADA program to assist them in the develop-
ment of this standard.
VerdiumAD and Citrix integration
VeridiumAD secures the entire Citrix workspace on desktop or laptop systems, including for virtual
desktop infrastructure (VDI) environments. Touch/fingerprint, facial recognition, or Veridium’s own
4 Fingers TouchlessID can be used as a second factor, or the biometric validation can eliminate pass-
words entirely. Importantly, the technology also supports offline operation.
Built on the IEEE 2410 Standard for Biometric Open Protocol, the VeridiumID server works in con-
junction with a mobile app to provide single-step multifactor biometric authentication. Matching can
take place on the mobile device or a back-end server hosted either in the cloud or on-premises.
Administrators can choose to store biometric vectors on the phone, on a server, or split between the
two using Veridium’s distributed data model for extra security. VeridiumID provides full integration
with and support for the Citrix Workspace including StoreFront, NetScaler, and ShareFiles (Figure 1).
Custom integration RADIUS SAML
StoreFront NetScaler ShareFile
Integrations
ENROLL AUTHENTICATE
Biometrics
Figure 1. VeridiumID integrates fully with Citrix Workspace to enroll and authenticate users via strong
biometrics.
citrixready.citrix.com 3
Solutions Brief VeridiumAD and Citrix Workspace

Securing biometric information

Securing biometric information is paramount, since biometric data is for life, and cannot simply be
“reset.” Veridium supports a distributed data model to protect the biometric data enrolled as a part of
4 Fingers TouchlessID. Captured biometrics are encrypted with Visual Cryptography, allowing
Veridium to encrypt the vector randomly into two separate pieces. One piece of the encrypted data
can be stored on the mobile device while the other can be stored securely on the VeridiumID server.
This data is useless to a hacker unless both device and server are compromised.

Citrix Secure Digital Perimeter for Citrix Workspace

Beyond user names and passwords, administrators need to validate the user identity and provide
fine-granularity access to exactly the applications and data required. At the same time, the environ-
ment is changing rapidly, creating new security challenges for IT, including:

• Cloud and application sprawl

• Distributed work styles
• Un-sanctioned storage
• Multiple devices (BYO, company-provided)
• IT complexity
• Motivated/malicious hackers
• Vast attack surfaces

Deploying a patchwork of security point solutions actually only complicates the problem. Separately
managing authentication, single sign-on, endpoint access, and password management can create
additional security vulnerabilities. In fact, many businesses now believe the complexity of their orga-
nizational structures and IT infrastructure is putting their companies at even greater risk of security
breaches. Meanwhile users are left to grapple with a less productive environment.

Citrix Workspace
Only Citrix offers the most complete and integrated workspace to enable users to securely access
their apps, desktops, and data from anywhere.

• App and desktop delivery (XenApp / XenDesktop). Citrix Workspace features XenApp and
XenDesktop—the industry’s leading solutions for application and desktop delivery, with over 100
million users worldwide. Citrix Workspace enables secure, remote access to Windows applications
and desktops as well as Linux, web and SaaS applications from any device, over any network.
• Enterprise mobility management (device security from XenMobile). Using XenMobile technology,
Citrix Workspace delivers full access to mobile device management (MDM), mobile application man-
agement (MAM), mobile content management (MCM), secure network gateway, and
enterprise-grade mobile productivity apps in one comprehensive solution.
• File sync and share (ShareFile). Citrix Workspace offers enterprise-class data services across all
corporate and personal mobile devices, while maintaining total IT control. Using ShareFile, you can
access, sync, and securely share files from any device. Offline access maintains productivity, even
when users are on the go.

citrixready.citrix.com 4
Solutions Brief VeridiumAD and Citrix Workspace

• Branch networking and WAN. Citrix Workspace includes NetScaler™ SD-WAN, a solution that com-
bines real-time path selection, edge routing, stateful firewall, end-to-end QoS, and WAN
optimization.
• Secure remote access. NetScaler Unified Gateway consolidates remote access infrastructure and
provides single sign-on across all applications whether in a datacenter, in a cloud, or delivered as
SaaS.

Citrix Secure Digital Perimeter

With Secure Digital Perimeter, Citrix significantly expands its network offerings in a SaaS, hybrid, mul-
ticloud and multidevice world. The approach provides simplified control, 360-degree visibility, and
intelligent analytics, with benefits that include:

• Contextual and secure access. Single sign-on and secure access provides end-to-end security to
apps deployed in datacenter, cloud, or SaaS to users accessing from hospital clinics, or remote sites,
on any device.
• Mobile and device security. User productivity is improved by delivering secure access to corporate
apps from both personal and corporate-issued devices.
• User security and malware protection. The Secure Digital Perimeter offers a differentiated and
coordinated approach to protecting against malware and ransomware through multiple
touchpoints.
• Secure collaboration. ShareFile offers easy access and collaboration while Secure Digital Perimeter
protects against data theft, misuse, and loss.
• Governance, risk, and compliance. Organizations can address risk, global compliance standards,
and industry regulations for app, user, and device security.
• Business continuity and app security. Secure Digital Perimeter helps prevent malicious attacks
from affecting business operations while providing network and secure access resilience during
outages, natural disasters, and calamities.
• User behavior analytics and proactive security insights. Citrix Analytics collects data across Citrix
offerings, generating actionable insights that enable administrators to proactively handle user and
app security threats, improve performance, and support continuous operations.

Enhancing the Citrix Secure Digital Perimeter with Citrix Ready

Citrix understands that security is a rapidly evolving area, with diverse vendors offering important
innovations. Augmenting the capabilities of the Secure Digital Perimeter through the Citrix Ready
program allows Citrix to partner for a flexible and comprehensive security solution that supports
access to any application and data from any device. Organizations can move away from discrete point
solutions that bring unwanted complexity without compromising flexibility or choice. Organizations
can reward innovation and choose specific security solutions that meet their needs without adding
unnecessary administrative complexity, or creating new security vulnerabilities.

citrixready.citrix.com 5
Solutions Brief VeridiumAD and Citrix Workspace

General Data Protection Regulation

Organizations that serve customers or individuals in the European Union must comply with the
General Data Protection Regulation (GDPR), with an extremely high cost for non-compliance. The
GDPR requires affected companies to document the personal data they collect, what they use it for,
and how they secure it. In today’s world, this mandate includes the vast majority of enterprises and a
large proportion of smaller businesses as well. The regulation includes any data that can be used to
identify an individual, regardless of how it has been provided, observed, or inferred.

Citrix solutions provide a foundation of confidentiality, integrity, and availability across all types of on-
premises, hybrid cloud, and public cloud IT environments. Four key design principals make Citrix
solutions ideally suited to aid GDPR readiness:

• Applications are centralized in the datacenter or cloud so that enterprise data is not stored on indi-
vidual user devices.
• When sensitive data must be distributed, mobilized, or utilized offline, it is protected in a secure
container.
• Context-aware policies around identity, device, location, and network connection give IT granular
access control.
• Visibility and user behavior analytics can help detect potential threats to proactively remediate and
mitigate risk.

Conclusion
The combination of VeridiumAD and Citrix allows organizations to protect and secure Citrix
Workspace and provide strong biometric authentication—with seamless StoreFront, NetScaler, and
ShareFile integration. Single sign-on provided by Citrix combined with VeridiumAD helps organiza-
tions make sure that users really are who they say they are. Users can authenticate via the mobile
device they already carry, either using biometrics as a primary factor to eliminate passwords, or as a
secondary factor to eliminate tokens. The result is a vastly more secure and simplified user experi-
ence that helps reduce help desk burden.

Corporate Headquarters India Development Center Latin America Headquarters

Fort Lauderdale, FL, USA Bangalore, India Coral Gables, FL, USA

Silicon Valley Headquarters Online Division Headquarters UK Development Center

Santa Clara, CA, USA Santa Barbara, CA, USA Chalfont, United Kingdom

EMEA Headquarters Pacific Headquarters

Schaffhausen, Switzerland Hong Kong, China

About Citrix Ready

Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to
enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with
instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years
of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more
than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.

Copyright © 2018 Citrix Systems, Inc. All rights reserved. Citrix Ready, NetScaler, NetScaler App Delivery Controller, NetScaler ADC,
NetScaler Unified Gateway, ShareFile, XenApp, XenDesktop, and XenMobile are trademarks of Citrix Systems, Inc. and/or one of its
subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks
of their respective companies.

citrixready.citrix.com 6