Connect Microsoft Entra ID to Citrix Cloud™ Government

By default, Citrix Cloud Government uses the Citrix Cloud Government Identity provider to manage the identity information for all users in your Citrix Cloud Government account. You can change the identity provider to use Microsoft Entra ID instead.

By using Microsoft Entra ID with Citrix Cloud Government, you can:

  • Use your own Active Directory, so you can control auditing and password policies and easily disable accounts when needed.
  • Configure multifactor authentication for a higher level of security against the possibility of stolen sign-in credentials.
  • Use a branded sign-in page, so your users know they are signing in at the right place.
  • Use federation to an identity provider of your choice, including ADFS, Okta, and Ping, among others.

Prepare your Active Directory and Microsoft Entra ID

Before you can use Microsoft Entra ID, be sure you meet the following requirements:

  • Your Microsoft Entra ID infrastructure is hosted in an Azure Government instance. You can’t federate Microsoft Entra ID hosted in a commercial Azure instance to Citrix Cloud Government. If you attempt to use Microsoft Entra ID in a commercial Azure instance with Citrix Cloud Government, Microsoft Entra ID does not work. If you don’t have an Azure Government account, sign up at https://azure.microsoft.com/en-us/global-infrastructure/government/request/.
  • Administrator accounts have their “mail” property configured in Microsoft Entra ID. To configure this property, you can sync accounts from your on-premises Active Directory into Microsoft Entra ID using the Microsoft Entra ID Connect tool. Alternatively, you can configure non-synced Microsoft Entra ID accounts with Office 365 email.

Sync accounts with Microsoft Entra ID Connect

  1. Ensure that the Active Directory accounts have the Email user property configured:
    1. Open Active Directory Users and Computers.
    2. In the Users folder, locate the account you want to check, right-click, and select Properties. On the General tab, verify the Email field has a valid entry. Citrix Cloud requires that administrators added from Microsoft Entra ID have different email addresses than administrators who sign in using a Citrix-hosted identity.
  2. Install and configure Microsoft Entra ID Connect. For complete instructions, see Integrate your on-premises directories with Microsoft Entra ID on the Microsoft Azure website.

Connect Citrix Cloud Government to Microsoft Entra ID

When connecting your Citrix Cloud Government account to your Microsoft Entra ID, Citrix Cloud Government needs permission to access your user profile (or the profile of the signed-in user), along with the basic profiles of the users in your Microsoft Entra ID. Citrix requests this permission so it can acquire your name and email address (as the administrator), and so that users can be added as administrators later.

  1. Sign in to Citrix Cloud Government at https://citrix.cloud.us.
  2. Click the menu button in the top-left corner of the page and select Identity and Access Management.
  3. Locate Microsoft Entra ID, click the ellipsis button, and then select Connect.
  4. When prompted, enter a short, URL-friendly identifier for your company and click Connect. The identifier you choose must be globally unique within Citrix Cloud Government.
  5. When prompted, sign in to the Azure account with which you want to connect. Azure shows you the permissions that Citrix Cloud Government needs to access the account and acquire the information required for the connection.
  6. Click Accept to accept the permission request.

Add administrators to Citrix Cloud Government from Microsoft Entra ID

  1. In the Citrix Cloud Government management console, on the Identity and Access Management page, click the Administrators tab.
  2. Select Add administrator/group.
  3. In Administrator details, select Microsoft Entra ID.
  4. Type the name of the user that you want to add and then click Next.
    • Inviting Microsoft Entra ID guest users is not supported.
  5. In Set access, configure the appropriate permissions for the administrator.
  6. Review the administrator details. Select Back to make any changes.
  7. Select Send invitation. Citrix Cloud Government sends an invitation to the user you specified and adds the administrator to the list.

After clicking the email link, the user signs in to the company’s Microsoft Entra ID. Signing in verifies the user’s email address and completes the connection between the Microsoft Entra ID user account and Citrix Cloud Government.
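Before sending invitations, the account requirements stated above (a populated “mail” property, an email address different from any Citrix-hosted identity administrator, and no guest users) can be checked in bulk. The following is an added example, not Citrix or Microsoft code; it assumes user records exported in the shape of the Microsoft Graph user resource (`mail`, `userType`, `userPrincipalName`), and all sample data, function names, and the case-insensitive email comparison are assumptions made for illustration.

```python
"""Pre-invitation check for Entra ID accounts that will become Citrix Cloud Government admins."""
import json

# Constructed sample data: user records in the shape Microsoft Graph returns
# for users (displayName, userPrincipalName, mail, userType).
CANDIDATES_JSON = """
[
  {"displayName": "Ana Ruiz",  "userPrincipalName": "aruiz@example.us", "mail": "aruiz@example.us", "userType": "Member"},
  {"displayName": "Ben Cho",   "userPrincipalName": "bcho@example.us",  "mail": null,               "userType": "Member"},
  {"displayName": "Cy Vendor", "userPrincipalName": "cy_partner.example#EXT#@example.us", "mail": "cy@partner.example", "userType": "Guest"},
  {"displayName": "Dee Park",  "userPrincipalName": "dpark@example.us", "mail": "DPark@Example.us", "userType": "Member"}
]
"""

# Constructed: emails of administrators who already sign in with a Citrix-hosted identity.
CITRIX_HOSTED_ADMIN_EMAILS = ["dpark@example.us"]


def check_candidate(user, citrix_hosted_emails):
    """Return the reasons this account cannot be invited yet (empty list = ready)."""
    problems = []
    mail = (user.get("mail") or "").strip()
    if not mail:
        problems.append("mail property is not set")
    # Assumption: addresses are compared case-insensitively.
    elif mail.casefold() in citrix_hosted_emails:
        problems.append("email already used by a Citrix-hosted identity administrator")
    if (user.get("userType") or "").casefold() == "guest":
        problems.append("guest users cannot be invited")
    return problems


def audit(candidates, citrix_hosted_emails):
    """Map each userPrincipalName to its list of blocking problems."""
    hosted = {e.strip().casefold() for e in citrix_hosted_emails}
    return {u["userPrincipalName"]: check_candidate(u, hosted) for u in candidates}


if __name__ == "__main__":
    report = audit(json.loads(CANDIDATES_JSON), CITRIX_HOSTED_ADMIN_EMAILS)
    for upn, problems in report.items():
        print(f"{upn}: {'READY' if not problems else '; '.join(problems)}")
```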

Add Microsoft Entra ID administrator groups to Citrix Cloud Government

You can add administrators to your Citrix Cloud Government account using Microsoft Entra ID groups. You can then manage service access permissions for all administrators in the group.

This feature is supported only with Citrix DaaS (formerly Citrix Virtual Apps and Desktops™ service). Administrators in the group don’t have access to manage any other services in the Citrix Cloud Government account.

For more information, see Manage administrator groups.

Sign in to Citrix Cloud using Microsoft Entra ID

After the Microsoft Entra ID user accounts are connected, users can sign in to Citrix Cloud Government using one of the following methods:

  • Navigate to the administrator sign-in URL that you configured when you initially connected the Microsoft Entra ID identity provider for your company. Example: https://citrix.cloud.us/go/myorganization
  • From the Citrix Cloud Government sign-in page, click Sign in with my organization credentials, type the identifier you created when you initially connected Microsoft Entra ID, and click Continue.

Enable advanced Microsoft Entra ID capabilities

Microsoft Entra ID provides advanced multifactor authentication, world-class security features, federation to 20 different identity providers, and self-service password change and reset, among many other features. Turning these features on for your Microsoft Entra ID users enables Citrix Cloud Government to use those capabilities automatically.