Product Documentation

What Is Identity and Access Management?

Jan 25, 2017
localized image

Identity and Access Management defines the accounts used for administration of and subscribers to Citrix Cloud and its offerings.

There are 2 sets of identities for Citrix Cloud:

  1. Administrators
  2. Subscribers


Administrators use their identity to access Citrix Cloud and to perform management activities and install the Citrix Cloud Connector.

A Citrix identity mechanism provides authentication for administrators. It uses an email address and password to authenticate the user. You can also use your My Citrix credentials to login to Citrix Cloud.

Adding New Administrators

During the customer account onboarding process an initial administrator is created. The administrator can then invite other administrators to join Citrix Cloud. These new administrators can use their existing Citrix account credentials or set up a new account if needed.

Managing Your Passwords

If you forget or want to reset your password, there is a "Forgot your password?" link on the login page.  This link will direct you to a password-reset page.

Removing Administrators

Remove administrators from the customer account by using the Administrator tab within Identity and Access Management. An administrator will not be able to log in to Citrix Cloud if you remove access.  

An administrator logged in when the account is removed will stay active for a maximum of 1 minute. After this, any attempt to access Citrix Cloud is denied without valid credentials.


  • You can’t remove the last administrator from the customer account. There must be at least one administrator per customer.
  • Citrix Cloud Connectors are not linked to an administrator account. Connectors will continue operating even if the administrator who installed it is removed from the customer account.


Subscriber identity defines which subscribers have access to services through Citrix Cloud. These identities come from Active Directory domain accounts provided from the domains within the Resource Location.

Citrix Cloud administrators can control which domains can be used to provide these identities from the Domains tab in Identity and Access Management pages in Citrix Cloud.

Note: Disabling domains for use does not stop any already allocated identities being used by subscribers; it simply stops any new identities being selected

Assigning subscribers to Cloud Library offerings authorizes access to those offerings.

If you plan to use domains from multiple forests, install a Citrix Cloud Connector in each forest. We recommend that you assign more than 1 Cloud Connector to each forest to maintain a highly available environment.

Note: Each Cloud Connector can enumerate and use all the domains from the single forest that it is installed in.

Managing Subscriber Usage

Add subscribers to offerings using individual accounts or Active Directory groups. The use of groups enables customers to manage access via group management of Active Directory. This does not require management via Citrix Cloud once you assign the group to an offering.

When an administrator removes a subscriber account or group of subscriber accounts from an offering, subscribers will no longer be able to access the service. The exact behavior may differ between the services offered. For more details about different Citrix services, refer to service-specific documentation.