Migrate your authentication method to Adaptive Authentication
Customers who already use Adaptive Authentication with Citrix Gateway as the authentication method must migrate to Adaptive Authentication and then remove the OAuth configuration from the Adaptive Authentication instance.
- Switch to a different authentication method other than Citrix Gateway.
- In Citrix Cloud™ > Identity and Access Management, click the ellipsis button corresponding to Citrix Gateway and then click Disconnect.
- Select I understand the impact on the subscriber experience, and then click Confirm.
  When you click Confirm, workspace login for end users is impacted, and Adaptive Authentication is not used for authentication until it is enabled again.
- In the Adaptive Authentication instance management console, remove the OAuth related configuration.
By using the CLI:
    unbind authentication vs <authvsName> -policy <oauthIdpPolName>
    rm authentication oauthIdpPolicy <oauthIdpPolName>
    rm authentication oauthIdpProfile <oauthIdpProfName>
By using the GUI:
- Navigate to Security > AAA - Application Traffic > Virtual Servers.
- Unbind the OAuth policy.
- Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > OAuth IDP.
- Delete the OAuth policy and profile.
- Navigate to Citrix Cloud > Identity and Access Management. In the Authentication tab, in Adaptive Authentication, click the ellipsis menu and select Manage.
- Click See Details.
- In the Upload Certificate screen, do the following:
- Add the Adaptive Authentication FQDN.
- Remove the certificates and key files and upload them again.
Important:
If you edit an FQDN or the certificate-key pair directly without migrating to Adaptive Authentication, connection to Identity and Access Management fails and the following errors are displayed. You must migrate to the Adaptive Authentication method to fix these errors.
- ADC command failed with an error. A policy is already bound to the specified priority.
- ADC command failed with an error. Cannot unbind a policy that is not bound.
- Click Save Changes.
At this point, Identity and Access Management displays Adaptive Authentication as Connected and the Adaptive Authentication instance has the OAuth profile auto configured.
You can validate this from the GUI.
- Access your Adaptive Authentication instance and log in with your credentials.
- Navigate to Security > AAA - Application Traffic > Virtual Servers. You must see that the OAuth IdP profile is created.
- Navigate to Citrix Cloud > Identity and Access Management. Adaptive Authentication is in the Connected status.
- Enable the Adaptive Authentication method again by clicking Enable (step 3) in the Adaptive Authentication home page.
This step enables the authentication method as Adaptive Authentication in your workspace configuration.
- Click the workspace link on step 3 after clicking Enable. You must see that the authentication method is changed to Adaptive Authentication.
Note:
New users must follow the same steps excluding the step to remove the OAuth related configuration.
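
For the step that removes the OAuth related configuration, the following Python script (an added example, not Citrix code) scans a configuration dump for leftover OAuth IdP profiles, policies and bindings and prints the CLI commands from this page in the order they must run: unbind first, then the policy, then the profile. The sample configuration and every object name in it are constructed, and the dump is assumed to hold one add or bind command per line.

```python
import shlex

# Constructed sample in the style of a NetScaler running-config dump.
# Every object name and value below is hypothetical.
SAMPLE_CONFIG = """\
add authentication vserver auth_vs SSL 0.0.0.0
add authentication OAuthIdPProfile oauth_idp_prof -clientID example-id -clientSecret REDACTED -redirectURL "https://example.invalid/cb"
add authentication OAuthIdPPolicy oauth_idp_pol -rule true -action oauth_idp_prof
add authentication Policy ldap_pol -rule true -action ldap_act
bind authentication vserver auth_vs -policy oauth_idp_pol -priority 100 -gotoPriorityExpression NEXT
bind authentication vserver auth_vs -policy ldap_pol -priority 110 -gotoPriorityExpression NEXT
"""


def leftover_oauth_idp(config_text):
    """Return (profiles, policies, bindings) for OAuth IdP objects still configured."""
    rows = [shlex.split(line) for line in config_text.splitlines() if line.strip()]
    rows = [r for r in rows if len(r) >= 4]
    profiles, policies, bindings = [], [], []
    for r in rows:
        head = [t.lower() for t in r[:3]]
        if head == ["add", "authentication", "oauthidpprofile"]:
            profiles.append(r[3])
        elif head == ["add", "authentication", "oauthidppolicy"]:
            policies.append(r[3])
    # Second pass: a binding only matters if it references an OAuth IdP policy.
    for r in rows:
        opts = [t.lower() for t in r]
        if opts[:2] == ["bind", "authentication"] and opts[2] in ("vserver", "vs"):
            if "-policy" in opts[:-1]:
                policy = r[opts.index("-policy") + 1]
                if policy in policies:
                    bindings.append((r[3], policy))
    return profiles, policies, bindings


def cleanup_commands(config_text):
    """Emit the page's CLI commands in dependency order: unbind, rm policy, rm profile."""
    profiles, policies, bindings = leftover_oauth_idp(config_text)
    cmds = [f"unbind authentication vs {vs} -policy {pol}" for vs, pol in bindings]
    cmds += [f"rm authentication oauthIdpPolicy {p}" for p in policies]
    cmds += [f"rm authentication oauthIdpProfile {p}" for p in profiles]
    return cmds


if __name__ == "__main__":
    print("\n".join(cleanup_commands(SAMPLE_CONFIG)) or "No OAuth IdP configuration found.")
```

An empty result after the cleanup means no OAuth IdP policy or profile remains in the dump that was checked.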