Identity and Access Management defines the accounts used for administration of and subscribers to Citrix Cloud and its offerings.
There are 2 sets of identities for Citrix Cloud:
Administrators use their identity to access Citrix Cloud and to perform management activities and install the Citrix Cloud Connector.
A Citrix identity mechanism provides authentication for administrators. It uses an email address and password to authenticate the user. You can also use your My Citrix credentials to login to Citrix Cloud.
During the customer account onboarding process an initial administrator is created. The administrator can then invite other administrators to join Citrix Cloud. These new administrators can use their existing Citrix account credentials or set up a new account if needed.
If you forget or want to reset your password, there is a "Forgot your password?" link on the login page. This link will direct you to a password-reset page.
Remove administrators from the customer account by using the Administrator tab within Identity and Access Management. An administrator will not be able to log in to Citrix Cloud if you remove access.
An administrator logged in when the account is removed will stay active for a maximum of 1 minute. After this, any attempt to access Citrix Cloud is denied without valid credentials.
Subscriber identity defines which subscribers have access to services through Citrix Cloud. These identities come from Active Directory domain accounts provided from the domains within the Resource Location.
Citrix Cloud administrators can control which domains can be used to provide these identities from the Domains tab in Identity and Access Management pages in Citrix Cloud.
Note: Disabling domains for use does not stop any already allocated identities being used by subscribers; it simply stops any new identities being selected.
Assigning subscribers to Cloud Library offerings authorizes access to those offerings.
If you plan to use domains from multiple forests, install a Citrix Cloud Connector in each forest. We recommend that you assign more than 1 Cloud Connector to each forest to maintain a highly available environment.
Note: Each Cloud Connector can enumerate and use all the domains from the single forest that it is installed in.
Add subscribers to offerings using individual accounts or Active Directory groups. The use of groups enables customers to manage access via group management of Active Directory. This does not require management via Citrix Cloud once you assign the group to an offering.
When an administrator removes a subscriber account or group of subscriber accounts from an offering, subscribers will no longer be able to access the service. The exact behavior may differ between the services offered. For more details about different Citrix services, refer to service-specific documentation.