Protect Citrix with TraitWare

TraitWare® is Simple Secure Login – certified CitrixReady.

The expansion of the remote workforce, with company assets being accessed from outside the enterprise perimeter, means increased need for more secure identity and access management. The TraitWare® MFA and SSO Platform combined with Citrix Workspace and Citrix ADC has the capability to quickly get small to very large remote workforces connected and secure. 

The cost savings and security benefits for Citrix customers adopting TraitWare®

  • 60%+ reduction in password support costs
  • Eliminate 80% of security breaches from unauthorized Usernames & Passwords 
  • Meet government and company mandated Multi-Factor Authentication (MFA) requirements
  • Competitive advantage: TraitWare® frees you from “Password Hell”

Remote Work Passwordless MFA Security – 3 Months Free to Assist Your Transition. Please contact us for more information on how you can Go Passwordless today.

Video Resources

Webinar – Going Passwordless with Citrix and TraitWare
Take a look at our Winning Video!
Citrix and TraitWare – It’s a No Brainer
See How Simple – Passwordless Access to Citrix

Frequently Asked Questions

We have MFA, but it’s in addition to passwords, not replacing them. Could you speak to those options as best practice?

  • What we are seeing across the space is that MFA that is an add-on to Usernames and passwords is still at risk. Twitter’s recent account takeover is a good example of this. Best practice is to move to a solution that leverages Zero Trust framework and deploys a token and certificate pinned authentication process.

How are the tokens and securities handled? It is well known some security breaches with credential tokens stolen and used by hackers to gain access.

  • Security is the most important part of our platform and we take it very seriously.
  • For the authentications on the mobile app and initiating a login via the mobile app, we use a rotating nonce and PKI (or Public Key Infrastructure) to prevent any replays. The signing key is stored in the secure element on the mobile devices and is tamper resistant. The same mobile app token used to create a login cannot be used more than once.
  • For SAML assertions sent to the service provider after a successful login attempt, those are one-time use assertions. This assumes the SAML integration is configured correctly at the service provider – the assertions are time stamped and digitally signed and should not be allowed to be used more than once with the exact same timestamp.
  • For OpenID Connect integrations, the ID token is only exchanged in a direct server to server secured communication between the service provider and the TraitWare Sever. This trust relationship is set up during the integration steps between TraitWare and the service provider. The ID tokens are also digitally signed and time stamped and should not be allowed to be replayed at the service provider.

What if your computer screens are incompatible with QR code scanning?

  • The computer does not need to be able to scan a QR only the mobile token does. If there are situations where this is not possible, we have an accept/decline out of band push notification flow. (tap to login).

What’s the difference between your product and the free Citrix FAS product?

  • Traitware and FAS work together (complement each other) to achieve one goal… FAS is a Citrix component that is designed to integrate with ADCS and dynamically issue certificates for users to allow them to access Citrix VDAs without passwords (SAML). So in other words, it is like a system that issues “Virtual Smart Cards” or certificates for the users.
  • Unlike some enterprise SAAS apps, Windows does not natively “speak” SAML. Citrix relies on Windows VDA session logins. FAS is needed to fill in this gap.
  • Where TraitWare enhances this is the user to machine access in a zero trust framework. Using a Passwordless MFA inherent login.

How difficult is it to have multiple “passwordless” solutions?

  • Using multiple Passwordless solutions would be more of a configuration question on your end. If your environment can accept a SAML assertion from more than once source it would work. Let me know how I can help you experience all the features TraitWare has. We have a live demo available if you’d like.  We work for any environment you need and are Citrix Ready verified for reliability and security.

What if I lose my phone or mobile device?

  • When using MFA you must have something you possess, so, to be clear, this is a possibility with any MFA solution from a USB key, RSA key to other software based solutions. The advantage to TraitWare is that when you need to recover from a lost or damaged token your account is stored on the authentication server. So once you re-authenticate to the token all your access is instantly live, no need to setup per application. You are also only replacing a piece of hardware you are going to replace no matter what you phone so no added costs.

What do you say when a company says that Passwordless is too expensive?

  • By replacing the login credentials and including the MFA and SSO inherently in the solution TraitWare can show a minimum 60% + savings from your existing Password Support budget. While reducing the risk of the #1 cause of data breaches.