Identity and access management

Identity providers are used for the following purposes:

  • Authenticate administrators when they sign in to Citrix Cloud Japan
  • Provide access to user lists for assigning Library offerings to workspace subscribers
  • Authenticate workspace subscribers when they sign in through Citrix Workspace app

Citrix Cloud Japan supports the following identity providers. These identity providers can be used to authenticate Citrix Cloud administrators, workspace subscribers, or both.

Identity provider                    Administrator authentication     Subscriber authentication
Citrix identity provider (default)   Yes                              No
On-premises Active Directory (AD)    No                               Yes
Azure Active Directory               Yes                              Yes
On-premises Citrix Gateway           No                               Yes
Okta                                 No                               Yes
SAML 2.0                             Yes (AD groups only - preview)   Yes

Administrator authentication

By default, Citrix Cloud Japan uses the built-in Citrix identity provider to authenticate administrators when they sign in. Alternatively, you can connect your Azure AD as an identity provider to authenticate Citrix Cloud Japan administrators. You can also use SAML 2.0 to authenticate administrator groups in your AD.

If you use your Azure AD or SAML 2.0 for administrator authentication, administrators can sign in to Citrix Cloud Japan using a unique URL. To sign in, administrators enter the identifier for the Citrix Cloud Japan account.

Note:

If using Azure AD for administrator authentication, Citrix recommends maintaining at least one full access account under the Citrix identity provider to ensure that:

  • You won’t be locked out of your Citrix Cloud Japan account if Azure AD is disconnected before setting up an alternative identity provider.
  • You can access your Citrix Cloud Japan account to perform certain operations that can’t be completed when signed in as an administrator through Azure AD. For instance, if Citrix updates the Azure AD application connecting to your Azure AD, ensure it’s also updated in your Citrix Cloud Japan account. Only a full access administrator under the Citrix identity provider can perform this update.

Workspace authentication

Except for the Citrix identity provider, you can use all supported identity providers for authenticating workspace subscribers when they sign in through Citrix Workspace app.

Prerequisites for identity providers

Before you connect any of the following supported identity providers to Citrix Cloud Japan, you must install the Citrix Cloud Connector in your on-premises environment:

  • Active Directory
  • On-premises Citrix Gateway
  • Okta
  • SAML 2.0

To learn more about the prerequisites for each supported identity provider, refer to the articles listed under More information in this article.

Application and desktop delivery to users

When using Citrix DaaS, assign users and groups from your AD or Azure AD to resources using one of the following methods.

  • In Studio, create a delivery group comprising the desired applications and desktops, specifying the authorized users from your AD for access.
  • In Studio, form a delivery group encompassing the desired applications and desktops for delivery, and present it as an offering in the Library. Then, use the Library to select the users from your AD or Azure AD who are authorized to access the resources in the delivery group. This method requires connecting your AD or Azure AD to Citrix Cloud Japan as an identity provider.

More information

For instructions for connecting identity providers to Citrix Cloud Japan, refer to the following articles:

Identity and access management