Identity and access management for Citrix Cloud Government

Identity and access management includes the identity providers and accounts used for Citrix Cloud Government administrators and workspace subscribers.

Identity providers

The Citrix Cloud Government identity provider is the default identity provider. The identity information is managed for all administrators in Citrix Cloud Government account. You can change the provider to a different identity provider to authenticate administrators, workspace subscribers, or both.

Citrix Cloud Government supports the following identity providers:

  • Azure Active Directory: For authenticating Citrix Cloud Government administrators and workspace subscribers.
  • Active Directory: For authenticating workspace subscribers.
  • Citrix Gateway: For authenticating workspace subscribers.
  • Okta: For authenticating workspace subscribers.
  • SAML 2.0: For authenticating administrators (preview) and workspace subscribers.

Administrators

Administrators use their identity to access Citrix Cloud Government, perform management activities, and install the Citrix Cloud Connector.

Citrix Cloud Government identity provider authenticates administrators using an email address and password. Administrators can also use their My Citrix credentials to sign in to Citrix Cloud Government.

Subscribers

A subscriber’s identity defines the services to which they have access in Citrix Cloud Government. This identity comes from Active Directory domain accounts provided from the domains within the resource location. Assigning a subscriber to a Library offering authorizes the subscriber to access that offering.

Administrators can control which domains are used to provide these identities on the Domains tab. If you plan to use domains from multiple forests, install at least two Cloud Connectors in each forest. Citrix recommends at least two Cloud Connectors to maintain a high availability environment.

Note:

  • Disabling domains prevents new identities only from being selected. It does not prevent subscribers from using identities that are already assigned.
  • Each Cloud Connector list and use all the domains from the single forest in which it is installed.

For more information, see the following articles in the Citrix Cloud product documentation:

Identity and access management for Citrix Cloud Government