Connect Microsoft Entra ID to Citrix Cloud™
Citrix Cloud supports using Microsoft Entra ID (ME-ID) to authenticate Citrix Cloud administrators and workspace subscribers.
By using Microsoft Entra ID with Citrix Cloud, you can:
- Leverage your own Active Directory, so you can control auditing, password policies, and easily disable accounts when needed.
- Configure multifactor authentication for a higher level of security against the possibility of stolen sign-in credentials.
- Use a branded sign-in page, so your users know they’re signing in at the right place.
- Use federation to an identity provider of your choice including ADFS, Okta, and Ping, among others.
Microsoft Entra ID app and permissions
Citrix Cloud includes a Microsoft Entra ID app that allows Citrix Cloud to connect with Microsoft Entra ID without the need for you to be logged in to an active Microsoft Entra ID session. Since the introduction of this app, Citrix released updates that improve performance and support new features and permissions.
If you have an existing Microsoft Entra ID connection to Citrix Cloud and want to use the latest updated app, you need to update your Microsoft Entra ID connection in Citrix Cloud. For more information, see Reconnect to Microsoft Entra ID for the updated app in this article. If you choose not to update the app, your existing connection continues to function normally.
For more information about the Microsoft Entra ID apps and permissions that Citrix Cloud uses to connect with your Microsoft Entra ID, see Microsoft Entra ID permissions for Citrix Cloud.
Tip:
Learn more about supported identity providers with the Introduction to Citrix Identity and Authentication education course. The “Planning Citrix Identity and Access Management” module includes short videos that walk you through connecting this identity provider to Citrix Cloud and enabling authentication for Citrix Workspace.
Authentication with multiple Citrix Cloud accounts
This article describes how to connect your Microsoft Entra ID as an identity provider to a single Citrix Cloud account. If you have multiple Citrix Cloud accounts, you can connect each one to the same Microsoft Entra ID tenant. Perform the following tasks:
1. Sign in to your Citrix Cloud account and select the appropriate customer ID from the customer picker.
2. If the selected customer is the first one that you’re connecting to your Microsoft Entra ID, follow all the steps in this article for syncing your AD and Microsoft Entra ID, connecting the customer to Citrix Cloud, and adding administrators.
3. To connect another customer, click the user menu in the top-right corner of the Citrix Cloud console, select Change customer, and select the next customer ID you want to connect.
4. Connect the customer to your Microsoft Entra ID as described in Connect Citrix Cloud to Microsoft Entra ID in this article.
5. Repeat Steps 3 and 4 for each customer ID.
Prepare your Active Directory and Microsoft Entra ID
Before you can use Microsoft Entra ID, be sure you meet the following requirements:
- You have a Microsoft Azure account. Every Azure account comes with Microsoft Entra ID free of charge. If you don’t have an Azure account, sign up at https://azure.microsoft.com/en-us/free/?v=17.36.
- You have the Global admin role in Microsoft Entra ID. This role is required to give Citrix Cloud your consent to connect with Microsoft Entra ID.
- Administrator accounts have their “mail” property configured in Microsoft Entra ID. To do this, you can sync accounts from your on-premises Active Directory into Microsoft Entra ID using Microsoft’s Microsoft Entra ID Connect tool. Alternatively, you can configure non-synced Microsoft Entra ID accounts with Office 365 email.
Sync accounts with Microsoft Entra ID Connect
- Ensure that the Active Directory accounts have the Email user property configured:
  - Open Active Directory Users and Computers.
  - In the Users folder, locate the account you want to check, right-click and select Properties. On the General tab, verify the Email field has a valid entry. Citrix Cloud requires that administrators added from Microsoft Entra ID have different email addresses than administrators who sign in using a Citrix-hosted identity.
- Install and configure Microsoft Entra ID Connect. For complete instructions, see Getting started with Microsoft Entra ID Connect using express settings on the Microsoft Azure website.
Connect Citrix Cloud to Microsoft Entra ID
When connecting your Citrix Cloud account to your Microsoft Entra ID, Citrix Cloud needs permission to access your user profile (or the profile of the signed-in user) in addition to the basic profiles of the users in your Microsoft Entra ID. Citrix requests this permission so it can acquire your name and email address (as the administrator) and enable you to browse for other users and add them as administrators later. For more information about the app permissions that Citrix Cloud requests, see Microsoft Entra ID permissions for Citrix Cloud.
Important:
You must be a Global admin in Microsoft Entra ID to complete this task, or ask a Global admin to perform the prerequisites before you sign in to Citrix Cloud.
- Click Menu on the top-left corner of the page and select Identity and Access Management.
- Locate Microsoft Entra ID and select Connect from the ellipsis menu.
- When prompted, enter a short, URL-friendly identifier for your company and click Connect. The identifier you choose must be globally unique within Citrix Cloud.
- When prompted, sign in to the Azure account with which you want to connect. Azure shows you the permissions that Citrix Cloud needs to access the account and acquire the information required for connection. Most of these permissions are read-only and allow Citrix Cloud to gather basic information from your Microsoft Graph such as groups and user profiles. If you integrated Citrix Endpoint Management or XenMobile Server with Microsoft Intune, you must grant Microsoft Intune-related read-write permissions. For more information, see Microsoft Entra ID Permissions for Citrix Cloud.
- Click Accept to accept the permissions request.
Alternative connection method
You can separate the connection flow into the following two phases:
- Microsoft Entra ID app creation in Azure.
- Citrix Cloud connection to the Microsoft Entra ID app in Citrix Cloud.
First, you need to construct a URL that the Global admin can use to add the enterprise apps into the tenant. For more information, see Construct the URL for granting tenant-wide admin consent.
The constructed URL has the following form:
https://login.microsoftonline.com/<tenant url>/adminconsent?client_id=f9c0e999-22e7-409f-bb5e-956986abdf02&redirect_uri=https://portal.azure.com
where:
tenant url is your tenant URL or ID.
f9c0e999-22e7-409f-bb5e-956986abdf02 is the client ID for Citrix Cloud.
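Because the Global admin grants tenant-wide consent to whatever app the link names, it is worth checking the link before opening it. The following is an added example, not Citrix or Microsoft code: it builds the URL above and verifies that a received link points at the Microsoft sign-in host, the expected tenant, and the Citrix Cloud client ID given in this article. The function names and the contoso.onmicrosoft.com tenant are assumptions made for illustration.

```python
# Added example: build and verify the admin-consent URL for the Citrix Cloud app.
from urllib.parse import urlencode, urlsplit, parse_qs
import re

CITRIX_CLOUD_CLIENT_ID = "f9c0e999-22e7-409f-bb5e-956986abdf02"  # from this article
CONSENT_HOST = "login.microsoftonline.com"                        # from this article
REDIRECT_URI = "https://portal.azure.com"                         # from this article
# A tenant is a GUID or a DNS-style domain; anything else is rejected.
TENANT_RE = re.compile(r"^(?:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
                       r"|(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})$")

def build_consent_url(tenant: str) -> str:
    """Return the admin-consent URL for the given tenant ID or domain."""
    if not TENANT_RE.match(tenant):
        raise ValueError(f"not a tenant ID or domain: {tenant!r}")
    query = urlencode({"client_id": CITRIX_CLOUD_CLIENT_ID,
                       "redirect_uri": REDIRECT_URI})
    return f"https://{CONSENT_HOST}/{tenant}/adminconsent?{query}"

def check_consent_url(url: str, expected_tenant: str) -> list[str]:
    """Return a list of problems; an empty list means the link matches the article."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare netloc (not hostname) so user@host and :port variations are caught.
    if parts.netloc.lower() != CONSENT_HOST:
        problems.append(f"unexpected host {parts.netloc!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2 or segments[1] != "adminconsent":
        problems.append("path is not /<tenant>/adminconsent")
    elif segments[0].lower() != expected_tenant.lower():
        problems.append(f"tenant {segments[0]!r} is not {expected_tenant!r}")
    params = parse_qs(parts.query)
    # Exactly one client_id and one redirect_uri, each with the expected value.
    if params.get("client_id") != [CITRIX_CLOUD_CLIENT_ID]:
        problems.append("client_id is not the Citrix Cloud app")
    if params.get("redirect_uri") != [REDIRECT_URI]:
        problems.append("redirect_uri is not https://portal.azure.com")
    return problems

if __name__ == "__main__":
    # Constructed sample tenant; replace with your own tenant ID or domain.
    link = build_consent_url("contoso.onmicrosoft.com")
    print(link)
    print(check_consent_url(link, "contoso.onmicrosoft.com") or "OK")
```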
Add administrators to Citrix Cloud from Microsoft Entra ID
Citrix Cloud supports adding administrators either individually or as Microsoft Entra ID groups.
To add individual administrators from Microsoft Entra ID, see Manage administrator access.
To add Microsoft Entra ID administrator groups to Citrix Cloud, see Manage administrator groups.
Sign in to Citrix Cloud using Microsoft Entra ID
After the Microsoft Entra ID user accounts are connected, users can sign in to Citrix Cloud using one of the following methods:
- Navigate to the administrator sign-in URL that you configured when you initially connected the Microsoft Entra ID identity provider for your company. Example: https://citrix.cloud.com/go/mycompany
- From the Citrix Cloud sign-in page, click Sign in with my company credentials, type the identifier you created when you initially connected Microsoft Entra ID (for example, “mycompany”), and click Continue.
Enable Microsoft Entra ID authentication for workspaces
After you connect Microsoft Entra ID to Citrix Cloud, you can allow your subscribers to authenticate to their workspaces through Microsoft Entra ID.
Important:
Before enabling Microsoft Entra ID workspace authentication, review the Microsoft Entra ID section for considerations for using Microsoft Entra ID with workspaces.
- In Citrix Cloud, click the menu button in the top-left corner and select Workspace Configuration.
- From the Authentication tab, select Microsoft Entra ID.
- Click Confirm to accept the workspace experience changes that will occur when Microsoft Entra ID authentication is enabled.
Enable advanced Microsoft Entra ID capabilities
Microsoft Entra ID provides advanced multifactor authentication, world-class security features, federation to 20 different identity providers, and self-service password change and reset, among many other features. Turning these features on for your Microsoft Entra ID users enables Citrix Cloud to leverage those capabilities automatically.
To compare Microsoft Entra ID service level capabilities and pricing, see https://azure.microsoft.com/en-us/pricing/details/active-directory/.
Reconnect to Microsoft Entra ID for the updated app
Citrix Cloud includes a Microsoft Entra ID app that allows Citrix Cloud to connect with Microsoft Entra ID without the need for you to be logged in to an active Microsoft Entra ID session. Since the introduction of this app, Citrix has updated the app as follows:
- In August 2018, the app was updated to improve performance and allow you to be ready for future releases.
- In May 2019, the app was updated to support adding Microsoft Entra ID administrator groups to Citrix Cloud.
- In April 2022, the app was updated to use the GroupMember.Read.All permission, which replaces the Group.Read.All permission.
If you connected your Microsoft Entra ID to Citrix Cloud before these updates were released and you want to use the latest updated app, you need to disconnect your Microsoft Entra ID from Citrix Cloud and then reconnect it. Using the latest app is optional. If you choose not to update the app, your existing connection still functions normally.
Requirements
Before you reconnect your Microsoft Entra ID, verify that you meet the following requirements:
- You must be an administrator with full access permissions under the default Citrix identity provider. If you are signed in to Citrix Cloud with your Microsoft Entra ID credentials, the reconnection fails. If you don’t have any administrators using the Citrix identity provider in your account, you can temporarily add one and delete it after reconnecting your Microsoft Entra ID. For instructions, see Invite individual administrators.
- If you are using Microsoft Entra ID to authenticate workspace subscribers, select a different identity provider temporarily. Citrix Cloud doesn’t allow you to disconnect your Microsoft Entra ID if it’s also used as an authentication method for Citrix Workspace. For more information, see Choose or change authentication methods in the Citrix Workspace documentation.
To reconnect Microsoft Entra ID
1. Sign in to Citrix Cloud as an administrator with full access permissions under the Citrix identity provider.
2. From the Citrix Cloud menu, select Identity and Access Management and then select Authentication.
3. Locate Microsoft Entra ID and select Disconnect from the ellipsis menu at the far right of the page.
4. From the ellipsis menu, select Connect.
Note:
If you disconnect Microsoft Entra ID as described in step 3, Citrix Cloud asks the administrator to delete all the administrator profiles under this identity provider. To avoid this effort, the administrator can follow these steps to reconnect the Microsoft Entra ID identity provider instead:
- As a Global admin, navigate to Azure and delete the app.
- Log in to Citrix Cloud, navigate to Identity and Access Management, and click Authentication. On the Authentication tab, notice that Microsoft Entra ID is still connected.
- Add a new administrator in Citrix Cloud for Microsoft Entra ID.
This triggers the recreation of the app and the reconnection without deleting the administrators.