Add administrators to a Citrix Cloud Government account

Administrators are managed from the Citrix Cloud Government console. If you want to be added as an administrator to an existing Citrix Cloud Government account, you must be invited by an existing administrator of the account.

By default, new administrators have Full Access permissions to all functions in the Citrix Cloud Government account. See Configure administrator permissions in this article to learn how to delegate account administration.

Invite new administrators

This section describes how to invite individual administrators to Citrix Cloud Government.

Note:

If you’re using Azure Active Directory (AD) as your identity provider for Citrix Cloud Government, you can add administrators using Azure AD groups. Administrators that you add using this method don’t need to be explicitly invited. However, these administrators can only manage the Virtual Apps and Desktops service. For more information, see Add Azure AD administrator groups to Citrix Cloud.

  1. After signing in to Citrix Cloud Government, select Identity and Access Management from the menu.

    Management console with Identity and Access Management menu option selected

  2. On the Identity and Access Management page, click Administrators. The console shows all the current administrators in the account.

    Identity and Access Management page with Administrators tab selected

  3. To select administrators using the default identity provider:
    1. From the Add administrators from… menu, select Citrix Cloud Government Identity.
    2. Enter the email address of the person you want to invite.
  4. To select administrators using Azure Active Directory:
    1. From the Add administrators from… menu, select Azure AD.
    2. Click Sign In and provide your credentials for your Azure AD instance on Azure Government.
    3. Type the user name of the person you want to invite. The email address associated with the user name appears.
  5. Click Invite.
  6. Configure the appropriate permissions for the administrator. Full access (selected by default) allows control of all Citrix Cloud functions and subscribed services. Custom access allows control of the functions and services that you select.
  7. Click Send Invite. Citrix Cloud Government sends an invitation to the user you specified and adds the administrator to the list with the status Invite Sent.

The invitation email is sent from cloud@citrix.com and explains how to access the account. The invitation is valid for five consecutive days from the day you send it. After five days have elapsed, the invitation link expires. If the invited administrator uses the expired link, Citrix Cloud displays a message indicating the link is not valid.

Link not valid message

Citrix Cloud also displays the status of the invitation so you can see whether the administrator accepted it and signed in to Citrix Cloud.

Citrix Cloud console with Status column highlighted

To resend the invitation, select Resend Invite Email from the ellipsis menu at the far-right of the console. Resending an invitation doesn’t affect the five-day time limit before the invitation expires.

Citrix Cloud console with Resend Invite Email highlighted

Accept an invitation

If you are invited to a Citrix Cloud Government account, Citrix Cloud Government sends you an email that includes the organization ID and the customer name of the account.

To accept the invitation, click Sign In. Afterwards, a browser window opens. If you don’t already have a Citrix Cloud Government account, the browser displays a page where you can create your password. If you already have an account, Citrix Cloud Government prompts you to use your existing password to sign in.

Configure administrator permissions

When you add administrators to your Citrix Cloud Government account, you might need to assign different levels of access to them, such as:

  • Help desk access for Virtual Apps and Desktops service
  • Access to manage one or more specific cloud services
  • Access to manage specific Citrix Cloud Government functions such as Library or Resource Locations

With delegated administration in Citrix Cloud Government, you can configure the access permissions all of your administrators need in accordance with their role in your organization.

To define access permissions

Only Citrix administrators with Full access can define access permissions for other administrators.

  1. Sign in to Citrix Cloud Government at https://citrix.cloud.us.
  2. Click the menu button in the top-left corner of the page and select Identity and Access Management.
  3. Click the Administrators tab.
  4. Locate the administrator you want to manage, click the ellipsis button, and select Edit access.
  5. Select Custom access.
  6. Select or clear each permission as needed.
  7. Click Save.

Change your device for multifactor authentication

If you lose your enrolled device, want to use a different device with Citrix Cloud Government, or reset your authenticator app, you can re-enroll in multifactor authentication.

Notes

  • Changing your device deletes the current device enrollment and generates a new authenticator app key.
  • If you are re-enrolling with the same authenticator app from your original enrollment, delete the Citrix Cloud Government entry from your authenticator app before you re-enroll. The codes displayed in this entry will no longer work after you complete re-enrollment. If you don’t delete this entry before or after re-enrollment, your authenticator app displays two Citrix Cloud Government entries with differing codes which can cause confusion when signing in to Citrix Cloud Government.
  • If you are re-enrolling with a new device and don’t have an authenticator app, download and install one from your device’s app store. For a smoother experience, Citrix recommends installing an authenticator app before you re-enroll your device.
  1. Sign in to Citrix Cloud Government and enter the code from your authenticator app. Verification form with Don't have your authenticator app highlighted

    If you don’t have your authenticator app, click Don’t have your authenticator app? and select a recovery method to help you sign in. Depending on the recovery method selected, enter the recovery code you received or an unused backup code and select Verify.

  2. If you are an administrator for multiple customer organizations, select any customer organization.
  3. From the top-right menu, select My Profile.
  4. In Authenticator app, select Change device. Login security section with Change device highlighted
  5. When prompted to confirm changing your device, select Yes, change device.
  6. Verify your identity by entering a verification code from your authenticator app. If you don’t have an authenticator app, select Don’t have your authenticator app? and select a recovery method. Depending on the recovery method you select, enter the verification code or recovery code you receive or an unused backup code. Select Verify.
  7. If you are using the device you originally enrolled and your original authenticator app, delete the existing Citrix Cloud Government entry from your authenticator app.
  8. If you are enrolling a new device and don’t have an authenticator app, download one from your device’s app store.
  9. From your authenticator app, scan the QR code with your device or enter the key manually.
  10. Enter the 6-digit verification code from your authenticator app and select Verify code.

Manage your verification methods

Important:

To ensure that your Citrix Cloud Government account remains secure, keep your verification methods up-to-date with accurate information. If you lose access to your authenticator app, these verification methods are the only way you can recover access to your account.

Verification Methods section in My Profile console

Generate new backup codes

If you lose or need to generate more one-time use backup codes, you can generate a new set of backup codes at any time. After you generate new backup codes, be sure to store them in a safe place.

  1. Sign in to Citrix Cloud Government and enter the code from your authenticator app.
  2. If you are an administrator for multiple customer organizations, select any customer organization.
  3. From the top-right menu, select My Profile.
  4. Under Verification methods, in Backup codes, select Replace backup codes.
  5. Verify your identity by entering a verification code from your authenticator app.
  6. When prompted to replace your backup codes, select Yes, replace. Citrix Cloud Government generates and displays a new set of backup codes.
  7. Select Download codes to download your new codes as a text file. Then, select I’ve saved these codes and select Close.

Note:

You can modify the permissions of Citrix Endpoint Management (CEM) administrators only after the administrator has accepted an administrator invitation and clicked Manage on the CEM tile. Like all Citrix Cloud administrators, CEM administrators have Full access by default.

Change your recovery phone number

  1. Sign in to Citrix Cloud Government and enter the code from your authenticator app.
  2. If you are an administrator for multiple customer organizations, select the customer organization from which you originally enrolled in multifactor authentication.
  3. From the top-right menu, select My Profile.
  4. Under Verification methods, in Recovery phone, select Change recovery phone.
  5. Enter the new phone number you want to use and then select Save.
Add administrators to a Citrix Cloud Government account