Connect Active Directory to Citrix Cloud
By default, Citrix Cloud uses the Citrix identity provider to manage the identity information for all users in your Citrix Cloud account. You can change this to use Active Directory (AD) instead.
Citrix Cloud also supports using tokens as a second factor of authentication for subscribers signing in to their workspaces through Active Directory. Workspace subscribers can generate tokens using any app that follows the Time-Based One-Time Password standard, such as Citrix SSO.
For more information about authenticating workspace subscribers with Active Directory plus tokens, see Active Directory plus token.
Some workspace authentication methods require a connection between your AD and Citrix Cloud. For more information, see Change authentication to workspaces.
Active Directory authentication
Connecting your Active Directory to Citrix Cloud involves installing Cloud Connectors in your domain. Citrix recommends installing at least two Cloud Connectors for high availability. For more information, see the following articles:
- Cloud Connector Technical Details: For system requirements and deployment recommendations.
- Cloud Connector Installation: For installation instructions using either the graphical interface or the command line.
Connecting your Active Directory to Citrix Cloud involves the following tasks:
- Install Cloud Connectors in your domain. Citrix recommends installing two Cloud Connectors for high availability.
- If applicable, enable tokens for user devices. Subscribers can enroll only one device at a time.
To connect your Active Directory to Citrix Cloud
- From the Citrix Cloud menu, select Identity and Access Management.
- From the Authentication tab, in Active Directory, click the ellipsis menu and select Connect.
- Click Install Connector to download the Cloud Connector software.
- Launch the Cloud Connector installer and follow the installation wizard.
- From the Connect to Active Directory page, click Detect. After verification, Citrix Cloud displays a message that your Active Directory is connected.
- Click Return to Authentication. The Active Directory entry is marked Enabled on the Authentication tab.
To enable Active Directory plus token authentication
- Perform Steps 1-5 as described in To connect your Active Directory to Citrix Cloud.
- After Citrix Cloud verifies the connection with your Active Directory, click Next. The Configure Token page appears and the Single device option is selected by default.
- Click Save and Finish to complete the configuration. On the Authentication tab, the Active Directory + Token entry is marked as Enabled.
- Enable token authentication for workspaces:
- From the Citrix Cloud menu, select Workspace Configuration.
- From the Authentication tab, select Active Directory + Token.
After enabling Active Directory plus token authentication, Workspace subscribers can register their device and use an authenticator app to generate tokens. Subscribers can register only one device at a time. For instructions to register subscribers’ devices, see Register devices for two-factor authentication.
For options to re-enroll subscribers’ devices, see To re-enroll devices.