Jump to content


Photo

Configure Self-Service Password Reset for Multiple trusted domains

Started by Geir Dybbugt , 18 January 2017 - 09:40 AM
7 replies to this topic

Geir Dybbugt Members

Geir Dybbugt
  • 6 posts

Posted 18 January 2017 - 09:40 AM

Hi, 

Configured the Self Service part for Storefront last night.
We have multiple domains for customers and one "resource domain" where storefront SSPR etc is. 
Trust is in place between resource and tenant domains. 
 

Anyone have any experience with setting up SSPR for multi tenant?
Citrix docs only say its possible, but cannot find anything more detailed. 

Have no option to add more than the domain where SSPR service resides under configuration. 



Zhengjie Miao Citrix Employees

Zhengjie Miao
  • 3 posts

Posted 20 January 2017 - 03:09 AM

Geir,

 

  1."We have multiple domains for customers and one "resource domain" where storefront SSPR etc is. "

  [Resp]: the StoreFront and SSPR Server located in the same domain in your environment right?if it is true, that's ok for SSPR multiple domains case.

 

  2."Trust is in place between resource and tenant domains. "

  [Resp]: what kind of AD trust here? SSPR support two-way trust.

  

  3. make sure item 1&2 are correct, and then configure correct Self-Service Accounts which has the privilege to reset password of target domains

    SSPR Console->Edit Service Configuration->Domain Configurations, all available domains will be showed in the list->select each domain item->click Properties button to configure correct Self-Service Account

   Configure Multi domain.png

 

 4. None "Resource Domain" user login StoreFront, and then try SSPR functionalities

 

 you can try above steps

 

thanks

zhengjie

 

 

 

  



Geir Dybbugt Members

Geir Dybbugt
  • 6 posts

Posted 20 January 2017 - 06:22 AM

1: Storefront and SSPR are located in saem doman. 

2: Two way trust is in place (because we also leverage ADFS betwen this domain and tenants)

 

3: This is where to problem comes in to play. Account have rights, but no additional domains show up available to choose.
We also have PVS in the same domain as SSPR, here all domains show up. But not in SSPR :(

4: because 3 cannot test 4:) 

 



Geir Dybbugt Members

Geir Dybbugt
  • 6 posts

Posted 20 January 2017 - 10:31 PM

Small update.

If we put a user from the tenant domain as member of lokal admins on sspr server. That tenants domain show up in sspr console.

But, this also causes sspr console crash for some tenant user after adding to admin, and ok for some others. Seems abit buggy.

No difference on the tenant users beeing added to local admin on sspr server. Trust etc is same for all tenants.

Zhengjie Miao Citrix Employees

Zhengjie Miao
  • 3 posts

Posted 06 February 2017 - 02:30 AM

Geir,

  Sorry for later response, We start investigating this issue. will let you informed if have any progress.

 

zhengjie 



Qiong Wu Citrix Employees

Qiong Wu
  • 1 posts

Posted 06 February 2017 - 08:48 AM

Geir,

 

Which account did you use to configure SSPR?The account from tenant domains or the one from resource domain?

And did the tenant domains trust each other?



Geir Dybbugt Members

Geir Dybbugt
  • 6 posts

Posted 27 February 2017 - 08:28 AM

Hi again, 

Account for SSPR is an Citrix Admin account used in the "Resource" domain.

Trust is in place between Tenant and resource domain. 

No trust between tenant to tenant of course due to different customers:) 

 

 



Christopher Barlow Members

Christopher Barlow
  • 56 posts

Posted 18 April 2017 - 01:38 AM

Hi. We'll be looking to deploy this in a multi-tenant environment later this year so keen to hear if any progress was made on this issue.