Connect an on-premises Citrix Gateway as an identity provider to Citrix Cloud (Technical Preview)

Citrix Cloud supports using an on-premises Citrix Gateway as an identity provider to authenticate subscribers signing in to their workspaces.

Note:

Citrix Gateway authentication is currently in Technical Preview. Citrix recommends using technical preview features only in test environments.

By using Citrix Gateway authentication, you can:

  • Continue authenticating users through your existing Citrix Gateway so they can access the resources in your on-premises Virtual Apps and Desktops deployment through Citrix Workspace.
  • Use the Citrix Gateway authentication, authorization, and auditing (AAA) functions with Citrix Workspace.
  • Use features such as pass-through authentication, smart cards, secure tokens, conditional access policies, federation, and many others while providing your users access to the resources they need through Citrix Workspace.

Supported versions

Citrix Gateway authentication is supported for use with the following product versions:

  • Citrix Gateway 12.1 52.15 or later
  • Citrix Gateway 13.0 36.27 or later

Task overview

To set up Citrix Gateway authentication, you perform the following tasks:

  1. Connect your Active Directory to Citrix Cloud. In this step, you install the Cloud Connectors that enable Citrix Cloud to communicate with your on-premises environment.
  2. In Identity and Access Management, start configuring the connection to your Gateway. In this step, you generate the client ID, secret, and redirect URL for the Gateway.
  3. On the Gateway, create an OAuth IDP policy using the generated information from Citrix Cloud. This enables Citrix Cloud to connect with your on-premises Gateway. For instructions, see the following articles:
  4. In Workspace Configuration, enable Citrix Gateway authentication for subscribers.

To enable Citrix Gateway authentication for workspace subscribers

  1. From the Citrix Cloud menu, select Identity and Access Management.
  2. From the Authentication tab, in Citrix Gateway, click the ellipsis menu and select Connect.
  3. Enter the FQDN of your on-premises Gateway and click Detect. After Citrix Cloud detects it successfully, click Continue.
  4. Create a connection with your on-premises Gateway:
    1. Copy the Client ID, Secret, and Redirect URL that Citrix Cloud displays. Also, download a copy of this information and save it securely offline for your reference. This information is not available in Citrix Cloud after it’s generated.
    2. On the Gateway, create an OAuth IDP policy using the Client ID, Secret, and Redirect URL from Citrix Cloud. For instructions, see the following articles:
    3. Click Test and Finish. Citrix Cloud verifies that your Gateway is reachable and configured correctly.
  5. Enable Citrix Gateway authentication for workspaces:
    1. From the Citrix Cloud menu, select Workspace Configuration.
    2. From the Authentication tab, select Citrix Gateway.
    3. Select I understand the impact on subscriber experience and then click Save.

Troubleshooting

If you experience an issue establishing a connection between Citrix Cloud and your on-premises Gateway, verify the following items:
