Wanted to get some thoughts around utilizing Citrix to provide VPN capabilities for Intune Managed devices.
What we're trying to accomplish is use a SSL tunnel via the Managed Browser to provide access to our internal sites or Cloud applications (SSO via PingFederate and exposed to internal networks only).
Backstory: We were using Cisco and got it running in our dev environment only to figure out that they don't support Kerberos proxying/forwarding and most of our sites were generating multiple authentication prompts. Enter Citrix
We're in initial talks with them...but seems like they support Kerberos proxying on the managed browser multiple ways....one method that interests us is client/user certs and extracting the UPN to proxy the kerberos auth request forward.
1. Does Citrix VPN support zero touch per-App VPN on iOS?
2. When will Intune support device certs?(I keep hearing October but if someone knows - feel free to correct me)
3. How does everyone else handle kerberos authentication via managed browser/Edge on Intune?
4. Can Citrix in fact do what they claim i.e. provide a proxying service for Kerberos and SAML auth?
If someone's done this before - would love to chat with them about their experience and lessons learned.