Connect Azure Active Directory to Citrix Cloud Government
By default, Citrix Cloud Government uses the Citrix Cloud Government Identity provider to manage the identity information for all users in your Citrix Cloud Government account. You can change this to use Azure Active Directory (AD) instead.
By using Azure AD with Citrix Cloud Government, you can:
- Leverage your own Active Directory, so you can control auditing, password policies, and easily disable accounts when needed.
- Configure multi-factor authentication for a higher level of security against the possibility of stolen sign-in credentials.
- Use a branded sign-in page, so your users know they’re signing in at the right place.
- Use federation to an identity provider of your choice including ADFS, Okta, and Ping, among others.
Prepare your Active Directory and Azure AD
Before you can use Azure AD, be sure you meet the following requirements:
- Your Azure AD infrastructure is hosted in an Azure Government instance. You cannot federate Azure AD hosted in a commercial Azure instance to Citrix Cloud Government. If you attempt to use Azure AD in a commercial Azure instance with Citrix Cloud Government, Azure AD does not work. If you don’t have an Azure Government account, sign up at https://azure.microsoft.com/en-us/global-infrastructure/government/request/.
- Administrator accounts have their “mail” property configured in Azure AD. To do this, you can sync accounts from your on-premises Active Directory into Azure AD using Microsoft’s Azure AD Connect tool. Alternatively, you can configure non-synced Azure AD accounts with Office 365 email.
Sync accounts with Azure AD Connect
- Ensure the Active Directory accounts have the Email user property configured:
- Open Active Directory Users and Computers.
- In the Users folder, locate the account you want to check, right-click and select Properties. On the General tab, verify the Email field has a valid entry. Citrix Cloud requires that administrators added from Azure AD have different email addresses than administrators who sign in using a Citrix-hosted identity.
- Install and configure Azure AD Connect. For complete instructions, see Integrate your on-premises directories with Azure Active Directory on the Microsoft Azure web site.
Connect Citrix Cloud Government to Azure AD
When connecting your Citrix Cloud Government account to your Azure AD, Citrix Cloud Government will need permission to access your user profile (or the profile of the signed-in user) as well as the basic profiles of the users in your Azure AD. Citrix requests this permission so it can acquire your name and email address (as the administrator) and enable you to browse for other users and add them as administrators later.
- Sign in to Citrix Cloud Government at https://citrix.cloud.us.
- Click the menu button in the top-left corner of the page and select Identity and Access Management.
- Locate Azure Active Directory, click the ellipsis button, and then select Connect.
- When prompted, enter a short, URL-friendly identifier for your company and click Connect. The identifier you choose must be globally unique within Citrix Cloud Government.
- When prompted, sign in to the Azure account with which you want to connect. Azure shows you the permissions that Citrix Cloud Government needs to access the account and acquire the information required for connection.
- Click Accept to accept the permissions request.
Add administrators to Citrix Cloud Government from Azure AD
- From the Citrix Cloud Government management console, from the Identity and Access Management page, click the Administrators tab.
- From the Add administrators from menu, select the Azure AD option.
- In the search box, start typing the name of the user you want to add and invite them to the account as described in Add administrators to a Citrix Cloud account. Citrix Cloud Government sends the user an email containing a link to accept the invitation.
After clicking the email link, the user signs in to the company’s Azure Active Directory. This verifies the user’s email address and completes the connection between the Azure AD user account and Citrix Cloud Government.
Sign in to Citrix Cloud using Azure AD
After the Azure AD user accounts are connected, users can sign in to Citrix Cloud Government using one of the following methods:
- Navigate to the administrator sign-in URL that you configured when you initially connected the Azure AD identity provider for your company. Example:
- From the Citrix Cloud Government sign-in page, click Sign in with my organization credentials, type the identifier you created when you initially connected Azure AD, and click Continue.
Enable advanced Azure AD capabilities
Azure AD provides advanced multi-factor authentication, world-class security features, federation to 20 different identity providers, and self-service password change and reset, among many other features. Turning these features on for your Azure AD users enables Citrix Cloud Government to leverage those capabilities automatically.