Contents

1. Citrix VPN (Remote Access) Overview ........................................................................................... 3

1.1 Connectivity Options Available ............................................................................................... 3
1.1.1 Full VPN ........................................................................................................................... 3
1.1.2 Half VPN .......................................................................................................................... 4
1.2 Trusted and Untrusted Devices .............................................................................................. 6
1.3 Prerequisites for a Citrix VPN Connection .............................................................................. 7
1.4 Steps to follow to enable an Untrusted Windows device to be compliant for VPN
connectivity ....................................................................................................................................... 10
1.5 Steps to follow to enable an Untrusted MacOS device to be compliant for VPN connectivity
21
2. Onboarding Citrix VPN Access – Request & Line Manager Approval ......................................... 24
2.1 User Access Request ................................................................................................................. 24
2.2 RAS Untrusted Full VPN access ................................................................................................. 26
2.3 Line Manager Approval ............................................................................................................. 28
3. Citrix VPN – How to Connect ....................................................................................................... 31
3.1 Step by Step VPN Connecting Guide for a Windows Device (Trusted & Untrusted) ................ 31
3.2 Step by Step VPN Connecting Guide for a MacOS Device (Untrusted)..................................... 33
4. Using Software Center to Install Citrix Plug-in (Trusted Device) ................................................ 37
5. Resolving Common VPN Issues .................................................................................................... 40
5.1 Access Denied Error .......................................................................................................... 40
5.2 Some users will experience a cycle on the RAS login screen ............................................ 41
5.3 Sorry but we’re having trouble signing you in .................................................................. 47
5.4 My Untrusted Windows device is not getting a VPN Connection .................................... 47
5.5 My Untrusted MacOS device is not getting a VPN Connection ........................................ 48
5.6 Untrusted MacOS device with FileVault enabled, fails posturing check .......................... 48
5.7 I cannot access Avaya on https://ras.standardbank.co.za/ .............................................. 49
5.8 I am fully compliant for Full VPN and still cannot get a Full VPN connection .................. 50
5.9 I am unable to reach sites or servers on https://ras.standardbank.co.za/ ...................... 50
5.10 I have Windows 10 Home Edition ..................................................................................... 50
5.11 You are not allowed to login error .................................................................................... 50
5.12 Citrix Workspace Updates ................................................................................................. 50
5.13 SAMLRequest or SAMLResponse error during login ......................................................... 52
5.14 Login hanging at Checking out forward proxy .................................................................. 52
1. Citrix VPN (Remote Access) Overview
Citrix Remote Access Service provides a Virtual Private Network connection for remote workers to
utilise a public internet connection to securely connect to Standard Bank’s Enterprise Network
ensuring that all network activity is private and secure.

1.1 Connectivity Options Available

1.1.1 Full VPN

Allows full network access to resources and applications, like being connected to the Standard Bank
network. To establish a Full VPN connection after authenticating select the network access tile for a
Full VPN to be established, refer to Section 3 to obtain step-by-step information.
1.1.2 Half VPN
Half VPN is when you log on to RAS and select the third tile that allows access to virtual applications
and desktops that you have been granted access to launch. This option does not provide full network
connectivity only to the virtual apps and desktops. To establish a half VPN connection after
authenticating select Citrix Virtual Apps and Desktops.

When Virtual Apps and Desktops Access is selected you will automatically be presented with a
Storefront screen as shown below. Should your device not meet security compliance you will be
presented with the Storefront page below.
Should your device not meet security compliance, you will be presented with the Storefront page
below.

To make your device security compliant, follow any of these steps:

• Refer to Section 2.2 by clicking on this link.

• Contact the Service Desk on 0860 100 458.
 1.2 Trusted and Untrusted Devices

The table below provides a breakdown of the prerequisites that must be in place for Full VPN
connectivity to be established.

A device that is part of any of the Standard Bank Domains is categorised as a Trusted Windows 10 device, no further
action is required of you. Your device meets the prerequisites for a FULL VPN to be established.
Bank Issued device, Note: For MacOS or Windows 10 Non-Domain joined devices are categorised as Untrusted devices and will need have
Domain Joined the prerequisite configurations and software installed for a full VPN to be establish, refer to the section below to obtain
(Trusted) the prerequisites that need to be met for a full VPN to be established.

Categorised as an Untrusted Device (Windows / MacOS)

require that the following device prerequisites are fully met for a VPN connection to be permitted
For MACOS based devices the following device prerequisites must be enabled or applied:
1. MacOS Version Catalina or greater
2. Native MacOS firewall enabled
3. File Vault Disk Encryption Enabled
4. Cybereason EDR Agent installed v19.1 or later
Bank/Non-Bank Issued Device 5. Antivirus Software installed
Non-Domain Joined For Windows based devices the following device prerequisites must be enabled or applied on your Windows device:
(Untrusted) 1. Windows 10 Professional and above with latest updates & patches installed
2. Native Windows Firewall enabled
3. BitLocker Enabled
4. Cybereason EDR Agent installed v19.1 or later
5. McAfee Antivirus Software installed v10.7 or later or

Note: Windows 10 Home is not permitted/Allowed

Follow steps 1.4 and 1.5 on how to make your device compliant.
 1.3 Prerequisites for a Citrix VPN Connection
1.3.1 Windows Device
Criteria Explanation

A prerequisite to obtain VPN access is to have a valid and active domain account (e.g a123456 / c123456 account)
created on the Standard Bank domain. Should you not have a domain account, one should be requested via the
VPN Access MyAccess process.
Once you have a domain account VPN access can be obtained by following the steps documented in Section 2 of this
document.

Listed below are the Software pre-requisites that needs to be installed:

Windows 10:
• Gateway Plug in - V21.3.1.2, required for a VPN to be established
• EPA Plug in - V21.3.1.2, required for a VPN to be established
• Workspace App – V21.02.0.25, required for Citrix Virtual Apps & Desktops

Local Administrator rights are needed to install this software. Software Center is also available to install the VPN pre-
Software Prerequisites requisites by following the steps documented in Section 4 of this document.
Windows
 Software Prerequisites
Windows

Follow steps below to

validate Software that is
installed in your device:

Click on Start and type in

“Control Panel”

You will see it appear as

you type.

Click on Control Panel

Click on Programs
and Features

Software Prerequisites
Windows

Verify that the Software

version below is Installed:

Gateway Plug in -
V21.3.1.2
EPA Plug in - V21.3.1.2
Workspace App –
V21.02.0.25
 1.3.2 MAC OS Device

Criteria Explanation
VPN Access A prerequisite to obtain VPN access is to have a valid and active domain account (e.g a123456 / c123456 account)
created on the Standard Bank domain. Should you not have a domain account, one should be requested via the
MyAccess process.
Once you have a domain account VPN access can be obtained by following the steps documented in Section 2 of this
document.

Software Prerequisites For MACOS based devices the following device prerequisites must be installed:
MAC OS
Mac Gateway Plug in – V4.4.8
Workspace App - V21.04.0.14

Software Prerequisites
MAC OS

Follow steps below to validate

Software that is installed in your
device:

Mac Gateway Plug in – V4.4.8

Workspace App - V21.04.0.14

Click on Search
Type “gateway”

Citrix Gateway appears showing

that it is installed and its version
 Software Prerequisites
MAC OS

Click on Search
Type “endpoint”

Citrix Endpoint Analysis appears

showing that it is installed and its
version

1.4 Steps to follow to enable an Untrusted Windows device to be compliant for VPN
connectivity

1. Verify that your Operating

System version is Windows 10
• Click on Windows and Type in Run
and click on the icon

• Type in “winver”
• The About Windows window will
pop up showing your Windows
Version.

Note:
Your Operating System version must be
Windows 10 and above to qualify for a
VPN connection.

Verify that your Windows 10 device

has the latest Windows updates &
patches installed
• Right Click on Start menu and then
click on the Search tab.
• Type in Control Panel and click on
the icon

• Click on the Program and Features

icon
• Select View Installed Updates
• Validate that updates or patches
have been installed in the past
month
• Should your machine not have the
latest updates & patches contact
your IT Support

3.Verify & Enable the Windows

Firewall:
• Right Click on Start menu and
then click on the Search tab
• Type in Control Panel and
click on the icon
• Click on Windows Defender
Firewall
• Should the status of the
firewall be in a disabled state,
have it enabled.
Note:
• The firewall must be in an enabled
state to qualify for a VPN connection.
• Should you have a 3rd party software
installed, please contact the Standard
Bank Service Desk and have a call
logged to the Citrix team for your
firewall software to be allowed.

Note:
Your Windows Firewall must be
enabled to qualify for a VPN
connection.

Note:
If you do not use the Default Windows
Defender software and use a Third-
Party Firewall Software. Please log a
call with the Citrix Team with the
details of your specific Antivirus
Firewall Software.
 4. To Enable BitLocker Drive
Encryption:
• Right Click on Start menu and then
click on the Search tab.
• Type in Control Panel and click on
the icon

• Click on BitLocker Drive

Encryption

• Under the "Operating system

drive" section, click the Turn on
BitLocker option
Click Next

Click Shutdown
After Shutdown:

Access your BIOS to enable TPM

Support

Process Dependant on Device

Manufacturer

After the TPM configuration,

start your Device again. The
Bitlocker Setup Wizard will
resume
Specify a PIN
 Note:
It is your responsibility
to make sure that you print or save
the recovery key to a file electronically
and store it securely in such a way
that you’ll have access to it even when
your Windows device can’t be booted.

Click Next

Bitlocker is Enabled

Note:
Bitlocker Drive Encryption must be in an
enabled state to qualify for a VPN
connection.

The Cybereason Software can be Obtained here

5. Verify & Install Cybereason
EDR Agent installed
https://standardbank.sharepoint.com/sites/CitrixRemoteAccess/Shared%20Documents/For
ms/AllItems.aspx?newTargetListUrl=%2Fsites%2FCitrixRemoteAccess%2FShared%20Docum
ents&viewpath=%2Fsites%2FCitrixRemoteAccess%2FShared%20Documents%2FForms%2FAl
lItems%2Easpx&viewid=971be17f%2Dbe8d%2D4682%2Dbb92%2Ddc01bb662b5f&id=%2Fsi
tes%2FCitrixRemoteAccess%2FShared%20Documents%2FGeneral%2FSoftware
Click on the Cybereason folder

Click on the V19.1.203.0 Folder

Click on your required Operating

System Version
For Windows 64 Bit, click on the
Windows 64 Bit folder

Click on Cybereason64_19_1_203 first

then Click on Download

Select Keep if prompted

Browse to your Download folder in File
Explorer

The Cybereason Sensor Install wizard

will launch.
Click on Install
Verify Cybereason EDR Agent
installed

• Right Click on Start menu and

then click on the Search tab.
• Type in Control Panel and
click on the icon
• Click on the Program and
Features icon

Note:
Cybereason EDR Agent must be
installed to qualify for a VPN
connection.
 6. Verify & Install Antivirus
Software (applies to only
Bank Owned Devices)
• Right Click on Start menu and then
click on the Search tab.
• Type in Control Panel and click on
the icon
• Click on the Program and Features
icon

• Look for McAfee in the list.

OR

• You could also Right Click on the

McAfee icon on the taskbar and
select about to check the correct
version. 10.7 and above.
• To install McAfee Realtime
Protection

Note:
McAfee Realtime Protection must be
installed and enabled to qualify for a Please log a call to the Shared OPS Endpoint Team by emailing: SharedOPSEndpoint@mail.standardbank.com
VPN connection.

7. List of Antivirus Software 1. Sophos

with 2. Kaspersky
Real-Time Protection that are
accepted 3. Trend
4. Bitdefender
5. Eset
6. Avast
7. Norton
8. Symantec
9. McAfee

Note:
If your Firewall Software is not listed,
please log a call with the Citrix Team
with the details of your specific
Antivirus Software.

1.5 Steps to follow to enable an Untrusted MacOS device to be compliant for VPN
connectivity

1. Verify & Enable FileVault Disk

Encryption

• Choose Apple menu ( ) > System

Preferences, then click Security &
Privacy
• Click the FileVault Tab
• Click , then enter an administrator
name and password to allow for
changes to be made thereafter Click
Turn On FileVault.
• Next you will be asked whether you
want to use your iCloud account as a
way to unlock your disk and reset your
MacOS account password if you can’t
find your recovery key or you can opt to
create a recovery key.

Note:
If you choose to create a recovery key,
where FileVault generates a recovery key
and displays it, it is your responsibility
to make sure you write it down or enter it
electronically and store it securely in such a
way that you’ll have access to it even when
your Mac OS device can’t be booted.

• Disk encryption will be enabled after a

device reboot.

The name of drive in Disk Utility

must be Macintosh HD.
To change the Name, refer to
Section 5.6 in this document.

2. Verify & Install the Cybereason EDR

Agent 19.1 is installed

• Launch System Preferences

 • Click on ActiveProbe

• Verify that the version installed is

19.1 and above

Refer to the documentation from this link on

how to install Cybereason on your MAC
device, the abovementioned link has the
required software installation files,
certificates and instructions to have it
correctly installed and configured

3. Verify & Configure MAC OS Native

Malware protection
• Choose Apple menu ( ) > System
Preferences, then click Security &
Privacy
• Ensure that either App Store or
App Store and identified
developers

On Catalina (version dependent)

Big Sur (version dependent)

2. Onboarding Citrix VPN Access – Request & Line Manager Approval

2.1 User Access Request
To obtain Citrix VPN access using a Standard Bank issued device that is domain joined, the table
below provides the steps that must be followed for VPN Access

1. Connect to MyAccess Portal by

clicking on the link below
https://myaccess.standardbank.co.
za/identityiq/login.jsf
2. Select Add Application Access
Logon to MyAccess and click on the
“Manage My Access” tile

3. Search for the application that you

are requesting access to
For VPN access there are two
options:

1. Citrix South Africa RAS User

2. Untrusted Device

,select and click Next:

4 Review your request and check if it

. is the right access:
5. Once the request has been
submitted, your line manager will
approve, and it will go through the
appropriate process to provision
the access.

6. Review to check that the correct

request is being made and submit:
Once the request has been
submitted, line manager will
approve, and it will go through the
appropriate process to de-provision
the access.

2.2 RAS Untrusted Full VPN access

To grant Citrix VPN access for a Non-bank or non-domain joined machine.

1. Connect to MyAccess
Portal
https://myaccess.stand
ardbank.co.za/identityi
q/login.jsf
2. Search for the users A
or C number.

• Click on the tick

and then select
next

3. In the search tab type

in
RAS_Untrusted_FullVP
N

• Select the tick box

and then select
next

4. Please click on the

submit button

5. Verify that the request

submitted successfully
 6. Tracking approvals

2.3 Line Manager Approval

To approve VPN access requests as a Line Manager, the table below provides the steps that must be
followed for VPN Access

1. Connect to
MyAccess Portal

https://myaccess.st
andardbank.co.za/i
dentityiq/login.jsf

2. Select Manage my
Access then click
on manage user
access
3. Click on the tick
box

4. Verify if the
request is for the
correct access
5. Click on Submit to
approve the access

6. Click on Submit to
approve the access
 3. Citrix VPN – How to Connect
3.1 Step by Step VPN Connecting Guide for a Windows Device (Trusted & Untrusted)
The table below provides a step by step guide to assist you to the Citrix VPN link
https://ras.standardbank.co.za

1.
Initiate a Citrix VPN Connection:
Open Chrome or Microsoft Edge
Browser
Enter the following Remote Access
web address
https://ras.standardbank.co.za, hit
enter
The browser will redirect you to login
page where you will be required to
enter your login credentials as shown
below, enter your email address and
click on Next

2. Type in your AD password and click

on Sign in
3. Approve the sign in request.

4. When prompted, click on Always

allow. This is to prevent it from
always popping up. Then click Open
nglauncher , DO NOT select Skip
Check

5. Thereafter you will be presented with

the Network Choices screen. Click on
Network Access for a Full VPN
network access. Should you only
require access to applications hosted
on Citrix XenApp or Virtual Desktop,
select Virtual Apps and Desktop
Access

6. Once you have selected Network

Access for Full VPN, the Citix
Gateway plugin will launch in the
taskbar next to the time at the
bottom right
Once you have successfully
established a VPN connection the
webpage shown on the right will be
presented in the webpage
7. Check the gateway plug in by clicking
on the up arrow on the taskbar then
right click on the blue lock and click
open. This will show you the current
session status.

8.
This will show you the current
session status.

3.2 Step by Step VPN Connecting Guide for a MacOS Device (Untrusted)
The table below provides a step by step guide to assist you to the Citrix VPN link
https://ras.standardbank.co.za

1. Initiate a Citrix VPN

Connection:
Open Chrome or Safari Browser
Enter the following Remote
Access web address
https://ras.standardbank.co.za
, hit enter.
The browser will redirect you to
login page where you will be
required to enter your login
credentials as shown below,
enter your email address and
click on Next
2. Type in your AD password and
click on Sign in

3. Approve the sign in request.

4. When prompted, click on the
box highlighted in yellow and
then click open nglauncher.
This is to prevent it from always
prompting.
DO NOT select Skip Check

5. Thereafter you will be

presented with the Network
Choices screen. Click on
Network Access for a Full VPN
network access. Should you
only require access to
applications hosted on Citrix
XenApp or Virtual Desktop,
select Virtual Apps and
Desktop Access

6. Once you have selected

Network Access for Full VPN,
the Citix Gateway plugin will
launch in the taskbar next to
the time at the bottom right
Once you have successfully
established a VPN connection
the webpage shown on the
right will be presented in the
webpage
7.
Select the icon and select

Show Status Window

8. Your Citrix Gateway Status

will be displayed.
 4. Using Software Center to Install Citrix Plug-in (Trusted Device)
1. Click on Start and type in
“Software Center”

You will see it appear as you

type.

Click on Software Center

2 Click on Applications
.
 3. Requirement:
Gateway Plug in - V21.3.1.2 &
EPA Plug in - V21.3.1.2

Note: The Gateway Plugin and

EPA Plugin are installed in one
process

Click on Citrix Gateway Plug-in

4. Click on Install

5.
6. Requirement:
Workspace App – V21.02.0.25

Click on Citrix Workspace

7. Click on Install

8.
9. Software Installation is Complete

5. Resolving Common VPN Issues

• Access Denied Error
• After I log on it loops back to the login screen
• Sorry but we’re having trouble signing you in
• My Untrusted Windows device not getting a VPN Connection
• MacOS device with FileVault enabled, fails posturing check
• I cannot access Avaya on https://ras.standardbank.co.za/
• Unable to establish a VPN connection using a MAC device
• I am fully compliant for Full VPN and still cannot get a Full VPN connection
• I have Windows 10 Home Edition
• I am unable to reach sites or servers on https://ras.standardbank.co.za/
• You are not allowed to login error
• Citrix Workspace Updates
• SAMLRequest or SAMLResponse error during login
• Login hanging at Checking out Forward Proxy

5.1 Access Denied Error

 • Please close all browsers and try again.
• Also verify that your end point device meets
all the minimum requirements to establish a
Full VPN. Please refer to Section 2 of this
document.
• Ensure that the Citrix Gateway Plugin is
installed.
• Upgrade Citrix Gateway Plug-in.

5.2 Some users will experience a cycle on the RAS login screen

Some users will experience a cycle on the RAS login

screen, taking them back to the login screen once
authenticated.

Step 1: Clear your browser cache (follow

instructions based on your Browser being used)

IE11
• Click on the Settings “Gear” Icon, found on
the top right of the browser
• Click on “Internet Options”
• Under “Browsing History” section, click on
“Delete”
• On new pop-up window, ensure
“passwords” is also selected and click on
“Delete”
Google Chrome
• Click on the 3 buttons found on the top right
hand corner of your browser
• Select “Settings”
• On the “Settings” page, scroll down until you
see the “Privacy and security” section

• Select “Clear browsing data”

• On the new pop-up window, click on “Clear
data”
Microsoft Edge

• Click on the 3 buttons found on the top

right-hand corner of your browser:

• Then select “Settings”

• On the “Settings” page Select “Privacy,
Search and services” from the left menu

If needed, scroll down until you see “Clear browsing

data”
• Select “Choose what to clear”
 • On the pop-up window, ensure “Passwords”
is selected and click on “Delete”

Step 2: Reboot Machine

• Please ensure you save all work and
documentation
• Please reboot/restart your workstation or
computer for the plugin installation to
complete.
• Once done, you will be able to login into
RAS3 or RAS4 without any further issues.
If in the event that the above steps do not remediate
the login issue, please apply the following steps:

Step 3: McAfee Check

• Right click on the McAfee icon on the
bottom right hand corner of your desktop
(note you might have to click on the arrow
to show hidden icons) and open the
“McAfee Agent status monitor “ as indicated
in the below screenshot

• The window in the screenshot below will

pop-up. You then have to click each of the
buttons on the right as highlighted in the
screenshot.
NB. After clicking on “Check New Policies”,
wait for a minute before you click on
“Enforce policies”.

Step 4: Check multiple versions of Citrix plugin

• Go to Control Panel
• Select “Programs and Features”
• Check and ensure that the following is
present with corresponding versions:
• If multiple versions are found, please
remove, and retain the latest versions only,
as this will cause login issues.
Step 5: Still not working
• If issues persist, please uninstall both the
plugins
• Reboot the workstation
• Reinstall the plugins
This will clear any dropped entries in the Registry.

5.3 Sorry but we’re having trouble signing you in

• Please use the process in Section 2 to enable

access or Contact the Service Desk on
0860 100 458.

• This error appears if you have not been

onboarded on to
https://ras.standardbank.co.za/

5.4 My Untrusted Windows device is not getting a VPN Connection

 Please use the process in Section 1.3.1 to
enable Full VPN.

5.5 My Untrusted MacOS device is not getting a VPN Connection

Please use the process in 1.3.2 to enable Full

VPN.

5.6 Untrusted MacOS device with FileVault enabled, fails posturing check

The name of drive in Disk Utility must be Macintosh

HD.

To change the Name, launch Disk Utility

Change the Disk Drive Name to Macintosh HD

Note: FileVault must be enabled to qualify for a VPN

connection.

5.7 I cannot access Avaya on https://ras.standardbank.co.za/

Please ensure that you have followed the

Avaya onboarding process using the Avaya
MyAccess Process
 5.8 I am fully compliant for Full VPN and still cannot get a Full VPN connection

Please ensure that you do not belong to

RAS_SouthAfrica_Users and
RAS_Untrusted_FullVPN membership to Contact the Service Desk on 0860 100 458
these groups need to be exclusive.

5.9 I am unable to reach sites or servers on https://ras.standardbank.co.za/

Please provide details i.e:

Please log a call with the Citrix Team • Site Name/URL
• Application Name

5.10 I have Windows 10 Home Edition

Windows 10 Home Edition is not supported

for Untrusted Full VPN Access Upgrade to a Bank supported version

5.11 You are not allowed to login error

Your SMTP address in your user account

needs to be configured/updated Log a call with Logical Access Management

5.12 Citrix Workspace Updates

The Citrix Workspace Client is popping up

with One or more updates are available.
After clicking Download, an Error Installing
Updates is displayed.

To prevent this from happening,

1. Click expand icon on the bottom right
2. Left Click on the Citrix Workspace
Application icon
3. Click on Advanced Preferences

4. Click on Citrix Workspace Updates

5. Click on No, don’t notify me
6. Click on Save
7. Close the Citrix Workspace Application.

5.13 SAMLRequest or SAMLResponse error during login

SAML Token are being cached by your Web

Browser, Clear browser cache and try again.

5.14 Login hanging at Checking out forward proxy

The login process is stuck at Checking out

forward Proxy.
To fix this:
1. Uninstall McAfee Antivirus Software
2. Re-install McAfee Antivirus Software