Configuration

Single sign-on (SSO) for Citrix Content Collaboration

Single sign-on (SSO) can be configured using various IdPs and certain SAML 2.0 or 3.0-based federation tools using basic, integrated, or forms authentication. This feature is available for Business and Enterprise plans.

Supported configurations

The following configurations have been tested and are supported for most environments.

Configuration Link
Citrix Endpoint Management Download
ADFS 3.0 Download
ADFS 4.0 (Windows Server 2016) Download
Dual IdP - ADFS and Citrix Endpoint Management Direct Link
NetScaler (version 12) Download
Microsoft Azure AD Direct Link

More configurations

These configurations have been successfully configured and tested by our engineering teams. The following configuration documentation is subject to change due to continued product enhancements and improvements. The following configuration guides are presented as is:

Configuration Link
Centrify/Idaptive Download
G Suite for Business Download
Okta Download
Ping-Federate Download
PingOne / PingID Download
OneLogin Download

Citrix Ready Partners

Click here for information on the Citrix Ready Program

Master administrator

The master administrator maintains all user permissions available on the account and cannot be deleted by any other user. If an account feature is added to the account, the master administrator automatically has access to the feature. Any other users must be granted access as desired by the master administrator.

All subsequent access to the customer’s account is managed by the master administrator account, or administrators designated by the master administrator account.

Identifying the master administrator

To identify the current master administrator, go to Users > Browse Employees. The master administrator has a special icon to the left of their name.

master admin 1

The master administrator is also indicated on the Manage > Admin Overview page.

Changing the master administrator

To change the master administrator for an account, the current master administrator or account owner must sign in and navigate to Manage > Admin Overview.

The current master administrator can use the Reassign account owner option to designate a new master administrator. In the Reassign Account Owner menu, select the new admin from the employees on your account. The new master administrator must be an employee user on the account, and that employee user must have signed in at least once.

The Reassign account owner option is only available to the current master administrator.

Click Assign New Account Owner to complete the process. Once submitted, this change cannot be undone. Only the new master administrator is able to reassign, using the preceding steps.

If the current master administrator is not available to place this request, contact Citrix Support.

Create employees

An employee user is most often an internal user within your company. Employee users are granted a wide range of permissions and access to your account. Creating an employee user consumes an employee license.

Requirements to create an employee user

  • The manage employee users permission.
  • Employee users can only grant or revoke permissions that they themselves have been granted.
  • Only account administrators can delete users from the system.
  • An email address can only be associated with ONE user at a time. You cannot use the same email address for multiple users.

To create an employee, go to Users > Manage Users Home in the Citrix Content Collaboration console in Citrix Cloud. Use the Create Employee button to begin creating a user.

Type your user’s name, email address, and company info. You can also customize their password. Depending on your account type, you can customize the user’s individual bandwidth limit.

You can customize your new employee’s User Access and File settings. Depending on your account or plan and your own permissions, certain permissions might not be visible or applicable. User Access settings are typical access and feature-based permissions you can use to manage your employee’s access and abilities on the account.

employees-2

You can assign folders to your user, and add the user to Distribution Groups. You can also customize the user’s permissions to various folders on your account. To grant a user access to a folder, choose the check box beside the folder name.

employees-3

You can send a Welcome Email to your new user or opt to do so later. This email includes a link to activate their new account.

When a user is added, they are provided an activation link (by email or by a link generated and delivered by the creator). If the newly created user does not access that activation link within 30 days, a new activation link must be sent. When resending an activation link, the previous activation link is deactivated.

  1. In Citrix Content Collaboration, go to Users > Resend Welcome Emails.
  2. Enter your user’s email address or name to add them to the To field, or select them from the Address Book.
  3. Customize your email message as needed.
  4. Click Send.

Accounts utilizing SAML

If you have configured a SAML SSO provider on your account and have created an employee user without any admin permissions, the user does not see or is not prompted to change their password within the activation email. Instead, that user is expected to sign in with their SAML credentials.

Strict employee licensing and company email address

By default, you cannot create a client user with the same email suffix as your company (ex: johndoe@company.com). This option is designed to prevent accounts from circumventing employee licensing requirements.

When a user attempts to create a client user with an employee company email, the user is prompted to send a request to an admin on the account to create the user as an employee.

Admins receive an email notification that allows them to review and approve the user creation request.

Manage employee permissions

Citrix Content Collaboration permissions are designed to give you granular control of your account and the permissions of your users.

Requirements to modify permissions

  • The delegate administrator privileges to other employee users permission or Manage Employee Users permission.
  • Employee users might only give or edit the permissions that they themselves have been given.

How to manage permissions

  1. In Citrix Content Collaboration, go to Users > Manage Users Home.
  2. Browse or search for your user. Choose the user or the Manage icon on the right to open the user profile.
  3. Change permissions as needed, then Save.

Default employee permissions

When creating an employee, the following permissions are granted by default. You can change these settings during the user creation process.

permissions

Note: A gray setting indicates a permission that the creating user does not have access to or is not permitted to give to others, so they cannot grant that permission to another user.

Basic information

  • Date Created
  • Email Address
  • First Name and Last Name
  • Company name.

Notifications

Change the user’s default Notification Frequency settings.

Default email language

Change the user’s default Email Notification Language.

Bandwidth limit

You can choose a maximum monthly bandwidth allowance for the employee. This limit prevents the employee from personally uploading and downloading more data than you allow them. It also applies to all of their folders, so that they cannot share files with others more than you would like for them to.

Employee bandwidth limits can also affect clients that the employee supports by limiting how much they can download from the employee’s folders. Bandwidth limits are used by accounts where employee use might need to be limited to prevent bandwidth overages.

Authentication

This setting is offered if the customer is using Citrix Content Collaboration credentials or two-step verification.

User access

General

Change their password

When a user wants to change their password, they can use the Forgot Password link on the sign-in screen. If the link is not marked, they need to contact an employee who can manage employee permissions for help with signing in.

Access personal settings

In personal settings, a user can manage their name, company name, and avatar. They are able to update or change their password on this page if they have the permission to change their password.

Access Company Account Permissions

Advanced Preferences are account-wide settings that can be turned on or off by an employee user granted the Access Company Account Permissions permission. These settings can be found at Manage > Advanced Preferences.

Files and folders

Use personal File Box

The File Box is a personal storage space where employees can store files for a limited period. This space is not generally a collaborative or shared space, although some users might be given access to see other employee’s File Boxes. If you do choose to take away a user’s access to the File Box, they are not able to use any email plug-in tool or add files from their computer when creating a Share message or Link.

People

Manage Clients

Manage Clients allows the employee to see the People tab in the navigation bar and to add new users to the account. They are also able to edit settings for any clients that they create. Editing a client user’s email address requires the Manage Employees permission.

Edit the shared address book

The Shared Address Book is available to employee users on the account so that they can quickly and easily pull up contact information for users on the account. When this option is checked, the employee is able to add users to the Shared Address Book to allow others to see their contacts on the system.

Share distribution groups

When this permission is enabled, the employee user is able to create a Shared Distribution group.

Edit other users’ shared distribution groups

When setting up a new Distribution Group, users can share the group with all employees. If this permission is enabled, the employee user is able to add more users to a group that has been created on the system and shared with others.

Company Account Info

Edit account appearance

This setting allows the user to configure account branding and appearance settings.

Billing

View receipts and billing notifications

The Receipts & Billing Notifications link in the Admin Settings > Billing section allows any user with this permission enabled to download copies of any receipt or invoice for the account.

Advanced Preferences

The following settings display only when you have the feature enabled on your plan type.

Connectors

Create Network Share Connectors

This permission grants the user the option to create and manage new Network Share Connectors. This permission is only available to Citrix Content Collaboration users on certain plans.

Create SharePoint Connectors

This permission grants the user the option to create and manage new Sharepoint Connectors. This permission is only available to Citrix Content Collaboration users on certain plans.

StorageZones

Select StorageZone for root-level folders

Membership to the Super User Group is required to change another user’s default storage location. This permission is only available to Citrix Content Collaboration users on certain plans.

Delete employees

From Citrix Content Collaboration, click Users > Browse Employees and locate the employee user. Click their name to access their profile page.

On the right side of the profile page, click Delete from the System to delete the user. When you click this button, you are offered the opportunity to reassign all files and folders to another user on the account. Files that are not reassigned are unable to be recovered or restored.

employees-4

Note: When deleting client users, files cannot be reassigned.

Create an external (client) user

Important:

This feature is currently in preview.

An external (client) user is a user outside of your company who does not need access to employee-level Citrix Content Collaboration features but does have access to shared folders and files. There are several ways that you can add new external (client) users to your account.

Note:

Only accounts with a Citrix Content Collaboration entitlement have a selection page that allows them to select if they’re an employee or external (client) user, prior to sign-in. This page enables external (client) user sign-in to Citrix Workspace. The selection page is designed to favor employees, meaning once an employee self-selects, they always land directly on the sign-in page to input their credentials, unless they clear their cookies.

Requirements to create an external (client) user

  • An Employee user.
  • The Manage client users permission.
  • Changing an external (client) email address or deleting an external (client) user from the system both require the Manage employee users permission.

To create an external (client) user, navigate to Users > Manage Users Home or Browse Clients in Citrix Content Collaboration. Use the Create Client button to begin creating a user.

client user basic info

Enter your user’s email address, first name, last name, and company. If you want to add more users, click Add another. While you can add a set password for first time sign-in without an activation email, by default new external (client) users are prompted to create a password when they sign in to Citrix Workspace for the first time.

You can assign folders to your user, and add the user to distribution groups. You can also copy folder permissions from an existing user to your new one. Using the Copy Folder Access option copies only folder permissions, not account permissions.

client user notify

You can then send a welcome email to your new user, or opt to do so later. This email includes a link to activate their new account.

Create a client (folder access menu)

You can also create a client user from the Add People to Folder menu. A client user is created if you add an individual to a folder that is not currently a member of your account.

  1. Click the name of the folder where you would like to grant the new user access.
  2. Access the People on this Folder tab or the folder access menu.
  3. Click the Add People to Folder button.
  4. Click Create New User to add a client user to your account with access to this specific folder.
  5. The user’s email address, first name, and last name are required. The user is created as a client user and added to the list of users in the pane on the left.
  6. Check the Notify Added Users option in the bottom right.
  7. Save the changes. Your user then receives an email notification that they have been added to the folder and must activate their account.

Create an external (client) user (Email with Citrix)

Email with Citrix allows you to send your files using Citrix Workspace’s email system. With this method, the recipient receives an email message containing a secure link to download the files. You can send a file stored on your account, or send a file stored on your computer.

To send a file stored on your computer using Citrix Workspace:

  1. Right click any file, then click Email with Citrix.
  2. Enter a new external (client) users’ email address as a recipient for your message and file.
  3. Enter a subject for your message. You can enter extra text in the body of your message if needed.
  4. Edit Message Options allows you to customize the following:

    • Send me a copy of this email - Receive a copy of the email message.

    • Email me when files are accessed - Receive a notification email when the file is viewed or downloaded.

    • Encrypt message - This option is available only to users with encrypted email enabled.

    • Require recipients to log in - Require that recipients log in with their Citrix Workspace account. If your recipient is not already a user on your account, they are then required to create a user name and password before accessing the file.

    • Access expires - Set how long you want the download link to be accessible.

    • Allow Recipients To - This option is available to users utilizing View-Only or IRM-protected sharing features.

    • Accesses per user - Limit the number of views or downloads users can have.

    • Always link to the latest version of the file - This option is available only to users with file versioning enabled.

    • Remember subject and custom message for next time - Save the subject and custom message so that it is preset the next time you send a file.

  5. Click Send when ready. You then receive confirmation that the message was sent successfully.

client user workspace

Requirements to resend an external (client) user activation link:

  • An admin on Citrix Cloud with access to Citrix Content Collaboration.
  • The Manage client users permission.
  • Changing an external (client) users’ email address or deleting an external (client) user from the system both require the Manage employee users permission.

When a user is added to Citrix Content Collaboration, they are provided an activation link (by email or by a link generated and delivered by the creator). If the newly created user does not access that activation link within 30 days, a new activation link must be sent. When resending an activation link, the previous activation link is deactivated.

To resend the welcome email containing the activation link:

  1. In Citrix Content Collaboration, go to Users > Resend Welcome Emails.
  2. Enter your user’s email address or name to add them to the To field, or select them from the address book.
  3. Customize your email message as needed.
  4. Click Send.

External (client) user: Activate to access shared files

When you send a file link with the Require User to Login option checked to an external (client) user, the external (client) user is asked to create a Citrix Workspace account to access the link they have received. If you send a file request using the Email by Citrix system, the external (client) user receives an email with a link, as shown in the following image.

client user share

  1. Click the link to activate the account.
  2. Before they can download files, they must set a password for their account.
  3. Once they have set their password and clicked Reset Password, click Back to Sign In to sign in to Citrix Workspace to view or download the shared files.
  4. If they want to view the files again after leaving the page, go back to the email and click the link. The link takes the external (client) user directly to the files on return.

External (client) user: Sign in and view shared files and folders

When you add an external (client) user, the external (client) user can sign in to Citrix Workspace to view the shared files and folders. Sign in by doing the following:

  1. Go to the Citrix Workspace account URL (typically something like [company].cloud.com).
  2. Click to sign in as an External User. If they have signed in as an Employee User before this, they might not see the split sign-in page to sign in as an External User. If that occurs, clear the cache to see the page again.
  3. Enter the user name and password and click Sign In.

client user signin

Employee and client user abilities

  Employee Client
Create root level folders Yes  
Access personal folders Yes  
Be granted admin permissions Yes  
Be granted super user status Yes  
Create users and manage permissions Yes  
Modify account appearance Yes  
Access File Box Yes  
Share a file stored on PC Yes  
Request a file into File Box Yes  
Run reports Yes  
Citrix Files for Windows or Mac Yes  
Citrix Files for Outlook Yes  
Citrix Files for iOS Yes Yes
Citrix Files for Android Yes Yes
Encrypted email Yes  
Mobile editing Yes  
Mobile PDF annotation Yes  
Create and manage connectors Yes  

Remote wipe

Administrators and employee users who have the Manage other employee users permission can wipe devices at any time by selecting Users and then Browse Clients or Browse Employees on the sidebar. Select the name of the user and click Manage devices for this user.

This brings up the Connections page for the user, where the user’s connected apps and connected devices are listed. Lock a user account on the device to prevent the user from accessing the data on it. The data remains on the device unless you wipe the account from it. Wipe a user’s account from a device to remove the data from it the next time the device connects to the account. Revoke a device’s access to Citrix Content Collaboration if you no longer need to manage the user’s account on it.

You cannot wipe the device of a user that has been removed from the Citrix Content Collaboration account. Users that have been deleted or removed cannot access their accounts.

Admin Overview

The Admin Overview page gives summarized information on your account, including Account Name, ID, Billing Plan Type, Account Owner, and Allocated Licenses. The page also displays any entitlements on your account and links to view release notes and open source licenses. This page is the landing page after you click Manage in the Citrix Cloud console.

Background Operations

The Background Operations page displays any current or completed operations that might take a long time to complete. The page shows you all pending, in progress, and recently completed operations.

Content Collaboration reports

To see how your Citrix Content Collaboration account is being used, you can create recurring and non-recurring reports that track usage, access, messaging, storage, and other details.

Prerequisites

  • An Administrative user on the Citrix Content Collaboration account.
  • An Employee user with the Allow this user to access account-wide reporting permission.
  • If running a report for a specific user, that user must be a member of the Shared Address Book.

Create report

Complete the following steps to create a Citrix Content Collaboration report:

1. In your Citrix Cloud account, go to Citrix Content Collaboration.

2. Navigate to Manage > Company Account Info > Reporting.

3. Click the Create Report button and choose the type of Report you want to run, then click Next.

cc-report2

4. Fill in the details as required and click Create. Reports can be generated as Excel or CSV files.

cc-report3

Recurring report:

To create a recurring report, follow the earlier steps through Step 3. Then, choose Recurring as Yes, fill in the other details as required and click Next.

cc-report6

Choose Daily, Weekly, or Monthly based on your needs. Choose the folder where you want the recurring reports to be saved on your account and click Create.

Do not remove the destination folder from the system. If you do, future recurring reports might fail.

Report Pending:

Allow time for your report to be processed and completed. Depending on the amount of time and final size of your report, the time it takes for the report to finish might vary.

cc-report4

View Completed Report:

You can view, download, move, or delete reports at any time by returning to the Reporting menu and accessing the list to the right of the Report Title.

cc-report5

Note:

Reports support a maximum period of 90 days. Citrix recommends a maximum of 30 days.

Report types

Usage

Reviews activity based on account, folder, or user and includes items such as: login, failed login, downloads/views, uploads, create folder, check in / checkout, move, restore, create notes, edit, create URLs, delete, DLP scan (OK), DLP scan (rejected), and DLP share. If the activity name is not checked when creating the report, no data is returned for that activity name.

Access

Reviews access and permissions on folders. This report can be run at the account level, for a specific user, or on a specific folder.

Access Change

Reviews when users were added, edited, or removed from folders. This report can be run at the account level, for a specific user, or on a specific folder. This report can only be run with a date range no longer than 90 days.

Storage Detail

Reviews files stored in your account.

Storage Summary

Reviews data for the account or an individual user. Due to the scope of this report, it can only be run once a week, on a recurring basis. The named user in this report represents the owner of the folder in which the item resides.

Share

Reviews activity related to files that are shared by users on the account. This includes any Share messages created in other Citrix Files apps. This report can be run at the account level or for a specific user. This report can only be run with a date range no longer than 90 days.

Request

Reviews activity related to file requests that have been sent by users on the account. This includes any Request messages created in other Citrix Files apps. This report can be run at the account level or for a specific user. This report can only be run with a date range no longer than 90 days.

Users

Reviews a list of users on your account and their status as it relates to things like the address book or user policies. If your account does not have or use the features associated with certain fields, they return as blank.

Bandwidth Detail

Reviews all uploads and downloads, including details about those transfers.

Bandwidth Summary

Reviews all uploads and downloads, including details about those transfers.

Messaging

Details all messages and links created by the specified user.

Notification History

The Notification History page contains a history of all email messages that have been sent from your account. You can select a date or a specific email with the options shown.

Company branding

Your account’s account or company name allows Citrix support staff to identify your account. It is also the name that appears on any billing-related correspondences. Typically, your account name is the same as the name of your business.

Account name

To change your account’s name, go to Manage > Company Account Info > Edit Company Branding and enter the account name as you would like it to appear, then click Save.

Account appearance

You can edit your account’s sign-in page appearance here. Basic options include Page Title, Logo image, Header Background Color and Accent Color. Click the advanced appearance options link to access more customization, including favicons, background images, page text, and more.

Subdomains

For you or your clients to view your custom branding, you must access Citrix Content Collaboration through a subdomain. You can choose up to three subdomains, which all share custom branding.

Subdomain requirements

The subdomain:

  • Must contain only letters, numbers, and hyphens.
  • Must not start or end with a hyphen.
  • Must be at least 2 characters long.

This page updates to preview your selections and is not visible to users while in edit mode. When you’re ready to apply these settings to your whole account, click Save.

Receipts and Billing Notifications

To view or print billing receipts for your account, click the appropriate date on this page. You can request an email notification when your account is billed.

Data Loss Prevention

Citrix Content Collaboration integrates with third-party Data Loss Prevention (DLP) systems to identify files that contain sensitive information. To limit access and sharing of items based their content, enable DLP scanning on your storage zones controller and then configure the settings on this page.

Enable the Limit access to files based on their content setting if you have one or more private storage zones configured to use a third party DLP system to scan and classify documents. With this setting enabled, sharing and access filters are applied to documents based on the results of the DLP scan. Use the settings on this page to define the sharing and access filters for each classification.

  • Unscanned documents - Allow these actions for documents that your DLP system has not scanned. This includes all documents stored in Citrix-managed storage zones or other storage zones where DLP is not enabled.
  • Scanned: OK - Allow these actions for documents that your DLP system accepted.
  • Scanned: Rejected - Allow these actions for documents that your DLP system rejected because they contain sensitive data.

For more information on Data Loss Prevention, see Data Loss Prevention.

Password Requirements

You can control password requirements for users here. By default, all passwords must contain at least 8 characters, containing at least 1 number, 1 upper case letter, and 1 lower case letter.

To create other password requirements for your users, fill out the form on this page. Any changes you make go into effect the next time a user changes their password.

For all users, passwords:

  • Must contain a minimum of 8 characters.
  • Must contain 1 upper case and 1 lower case letter.
  • Must contain at least 1 number.
  • Must contain at least 1 of these special characters: ! “ # $ % ^ & * ( ) - _ + = / . ? \ [ ] ` ~ @ ‘
  • Cannot be the same as their last 25 passwords.

Security settings

Trusted domains

You can enter one or more domains to allow iframe embedding and Cross-Origin Resource Sharing (CORS).

Account lock-out configuration

This allows you to select the number of times a user can enter an invalid password before being locked out of the account for a specific time period of your choosing.

Terms and conditions

Terms and conditions can be added to the sign-in page for customers. We recommend single sign-on customers also implement terms and conditions on their sign-in page for full coverage. You have the option of including customizable terms and conditions that must be accepted to indicate compliance with the terms before entering the account. Contact Citrix Support for assistance with adding terms to your sign-in page.

IP restrictions

Use IP restrictions to restrict where your users can sign in to your Citrix Content Collaboration account. Contact Citrix Support to set IP restrictions.

Authentication

Inactive users can be signed out of the account after a chosen duration of inactivity. By default, this duration is set to 1 hour.

OAuth tokens are used by apps and the API to authenticate. After the period selected here, users will be required to reauthenticate with all apps. If set to Never, oAuth tokens can still be manually expired through My Connections under Personal Settings, or by an administrator on the user’s profile page using the Users menu.

Two-step verification

Two-step verification uses your phone to provide an extra layer of security for your user name. After you sign in, you are asked to enter a verification code that is sent to your phone using a text message (SMS) or voice call. Supported Authenticator apps like Google and Microsoft can be used as an option instead of your usual password.

This feature is available to both Client and Employee users. Two-step verification is supported on iOS and Android mobile devices.

Some apps require an app-specific password that must be generated each time you want to sign in to the app.

Limitations

  • This feature is not available for trial accounts.
  • This feature cannot be used with company credentials or a custom sign-in page.

By enabling this feature, you make the two-step verification option available to all users on the account. Administrators can set policies to require user enrollment for two-step verification.

twostepverification

Require two-step verification requires that the user group enrolls and opts in for two-step verification. When enabled, the setting is enabled for all Employee Users or Client Users or both. For new users, the activation process requires that the user enter a phone number that is enabled for text message (SMS) or voice. For existing users, the user is prompted to enter the phone number that is enabled for text message (SMS) or voice on the next sign-in from the web, desktop, or mobile app.

Enable “trust this device” for client users can be enabled so when client users mark a device as trusted, they are not required to enter a verification code every time they sign in.

Device security

You can use these options to control the security level for devices used to access the Citrix Content Collaboration account by other users. These settings override any individual user preferences.

Modifiable device security settings include:

File self destruct - Determines the number of days without the user logging in or accessing the account before the account is automatically removed from the mobile device. Self-Destruct occurs even if the user is offline. Options are: Never, 1, 3, 7, 14, 30, 45, or 60 days. When self-destruct is triggered on a device, users with mobile push notifications enabled might receive a notification referencing a Poison Pill activation.

Require user passcode - Controls whether users are required to enter a 4-digit PIN or a password to access their content. When set, all content is encrypted. Options are: PIN, Password, or User-Selected Passcode.

Enable external applications - Determines whether users can open downloaded files outside of the Citrix Files application.

Enable offline access to files - Controls whether users can see Citrix Content Collaboration content when the device is offline.

Restrict modified devices - Enabling this restricts users from being able to use Citrix Files on a jailbroken device. Citrix cannot fully troubleshoot issues encountered by users that have chosen to jailbreak their device.

Enable automatic login - Determines whether users can opt to save their password on their device.

Device security presets

You can configure each setting individually at the Configure Device Security menu. In addition to a Custom setting option, Citrix offers several presets with various differences.

  • Standard
  • Secure
  • Online Only
  • Custom

Super user group

Administrators, also known as super users, are automatically added to all new and existing folders on a given Citrix Content Collaboration account. Super users have upload, download, delete, and administrator permissions on all folders. Super user group access to a folder cannot be modified or removed in the folder access menu. This feature is enabled on your account by default.

Manage super user group

Management of super users requires the Manage Super User Group membership permission.

  1. Go to Manage > Security > Edit Super User Group.
  2. To add a user, click Add New User.
  3. Select a user from the menu from the list of employees on your account.
  4. Use the check boxes to select the users you want to add. Click *Add**.
  5. Click Save.

You can also remove all users from the super user group. The group can be edited by any employee user with the Allow this user to manage Super User Group admin permission. Super users appear in the Folder Access section on each folder. Admin users can choose not to display the group in the access list.

To hide super users from the Folder Access section, go to Manage > Security > Edit Super User Group, then select the Hide Super Group from Folder Access List check box.

Download or upload alerts can be enabled for the super user group in the folder access menu on a folder-by-folder basis.

Personal cloud connectors

Personal cloud connectors allow users to access their Box, Dropbox, Google Drive, and OneDrive (Consumer Version) accounts, providing customers with the flexibility to determine how and where users store files. Personal cloud connectors can be accessed using the web app, but certain file interactions might not be available.

Limitations

  • Due to compliance concerns, this feature cannot be used by users utilizing a HIPAA storage server, a VDR account, or an account with Archiving enabled.
  • For on-prem customers, personal cloud connectors are supported for accounts utilizing Customer-managed StorageZones so long as the account is also associated with a Citrix-managed StorageZone.
  • Currently, accounts with no association to a Citrix-managed StorageZone (such as strictly on-prem or tenant setups) cannot utilize this feature.
  • File uploads to personal cloud or Office 365 connectors currently have a maximum upload size of 100 MB per file.
  • Currently, connectors must have a unique display name. Users are blocked from using a connector name that is currently in use elsewhere on the account.

Enable a personal cloud connector

A personal cloud connector must be enabled by an Admin user before it can be accessed. Only users with the Create and Manage Connectors permission can enable connectors on the account.

Navigate to Manage > Connectors. Here you can view the connectors available for your account.

Click the Enable button to turn on that connector for users on your account.

Once a connector has been enabled, you can manage connector access. By adding a user to the access list for a specific connector, that user is then able to use the connector to link their account to another data storage service. Save your access changes to continue.

The connector creator and the super user group are automatically granted access to the connector type.

Once you have enabled the connector, any user that has been granted access to it can now set up the connector in their own Personal Settings menu.

To configure your connector, navigate to Personal Settings > My Connectors. You must authenticate with your desired connector service so that Citrix Content Collaboration can be authorized to interact with it. Once you have connected services, your connector appears in the Folders section of your sidebar.

Office 365 connector

The connector for Office 365 allows users to access, edit, and share from their SharePoint Online and OneDrive for Business accounts from Citrix Content Collaboration, providing enterprises with the flexibility to determine how and where users store files. Configuration of the Office 365 connector and user assignment can be done from the web application.

Notes and limitations

  • This feature is included with the Advanced Plan, Workspace Premium, Workspace Premium Plus, and others.
  • SharePoint Online and OneDrive for Business connectors require Citrix-Managed (cloud) StorageZones. Therefore, these connectors are not available for accounts utilizing a HIPAA storage server.
  • Office 365 connectors are not compatible with GCC High (Azure Gov) deployments.
  • File uploads to Sharepoint Online has a maximum upload size of 200 MB per file; OneDrive for Business’ upload limit is 15 GB per file.
  • Connectors must have a unique display name. Users are blocked from using a connector name that is currently in use elsewhere on the account.
  • Actions such as browsing folders or downloading files might fail when using the Safari web browser. To resolve any issues, ensure cookies are allowed in your Safari system preferences.

Supported apps for Office 365 connector

  • Citrix Files for iOS
  • Citrix Files for Android
  • Citrix Files for Windows
  • Citrix Files for Mac
  • Web application (Copy and Check-In, Check-Out are not supported via the web browser)

Supported functions

  • Link your Citrix Content Collaboration account to your Office 365 account
  • Access OneDrive for Business files and folders and SharePoint Online document libraries from Citrix Files
  • Move content securely from Office 365 to Citrix Content Collaboration
  • Share Office 365 content securely from Citrix Files
  • Favorite folders

StorageZones

StorageZones gives administrators the flexibility to choose between Citrix-managed, secure cloud storage, or IT-managed storage zones (on-prem) storage within your own data center. In addition to allowing users the ability to create and manage on-premises storage zones, users also have the option of utilizing Citrix-managed storage zones.

Managing public storage zones on your account

Administrators can choose to enable a customized subset of Citrix-managed storage zones on their account. Storage zones can be viewed at Manage > StorageZones. From the StorageZones menu, select Citrix Managed.

From this menu, you can enable or disable specific zones on your account by clicking the check box to the left of the zone name. You can also edit the alias of a particular public zone by mousing over the Alias column to the right of the zone title. Edit the alias of a public zone to better suit the users on your account. In addition to editing your storage zones, you can see your current usage in MB in the Usage column.

Selecting the default public storage zone for a user

Account administrators can designate the default public storage zone for a specific user on their account, and allow the user to select a zone when creating a root-level folder.

  1. To modify the settings for a user on your account, navigate to Users > Manage Users Home.
  2. Locate the user you would like to modify using the Browse or Search function, then use the Manage icon to open the user’s profile page.
  3. In the Employee User Settings section of the user page, use the Storage Location menu to choose the user’s default storage zone.
  4. In the Admin Privileges section, you can choose to allow the user the ability to create and manage zones by clicking the check box to the left of Create and manage zones.
  5. Once you have finished managing your user’s storage zone and permissions, select Save Changes.

Advanced Preferences

Advanced Preferences are account-wide settings that can be turned on or off by an employee user granted the Access Company Account Permissions permission. These settings can be found at Manage > Advanced Preferences.

Email settings

Send e-mails from

Some email services reject messages sent using the Citrix Content Collaboration mail server or flag the messages as spam. If you are getting any reports of email delivery problems, setting the preference to user sending message might resolve the issue. Once the preference is set, the name of the user sending the message appears in the From field and that user’s email address is used when the message recipient replies to the message. This option might trigger message rejection as well, so do not use this option unless you are experience deliverability issues.

STMP Server

By default, system notifications are sent from Citrix Content Collaboration mail servers to clients. At times this might not be ideal, especially when dealing with recipient mail servers that employ aggressive spam filters or whitelists. In these cases, setting a custom SMTP server allows you to send system notifications from your own mail server instead. Once these settings are configured, all emails sent through your account are sent through your mail server, instead of Citrix’s servers. By setting custom SMTP on your account, your users recognize your email address as the sender and any failed emails come back to you. To use custom STMP, an employee user must have the Allow this user to modify account-wide policies permission.

If you use Microsoft Office 365 and would like to utilize custom SMTP, view this set up guide from Microsoft.

Setting up custom SMTP

1. Go to Manage > Advanced Preferences > Email Settings > STMP Server.

2. Click Configure SMTP Settings. The Custom STMP Configuration page appears.

3. Enter the appropriate information to enable this feature.

Required fields:

  • Enable Custom SMTP – This option must be selected if you want to use these settings.
  • Email Address – This is the from email address of sent emails.
  • Server – This is the host name of the email server that is used to send emails.
  • Port – This is the port number to be used. Port 25 is the default. The following ports are also allowed: 26, 443, 465, 587, 2525.
  • Username – This is the user name needed to access the server.
  • Password – This is the password needed to access the server.
  • Notify Email on Failure – This email address is sent notices if Citrix Content Collaboration is unable to send an email with the given settings.

Optional fields:

  • Use SSL – Choose between Implicit, Explicit, or Off.
  • Failback to ShareFile – If selected, messages that fail to send using the custom settings prompt Citrix to send future emails through standard email settings.
  • Authentication Method – Select an authentication method here if a particular one is required by your server.

4. Click Save and Sent Test Email to complete the setup.

Troubleshooting your SMTP setup

Email Notifications / Messages are Delayed - This issue might occur when you are utilizing certain filter services or programs processing messages on your local mail servers. Before contacting Citrix about delays in our system, verify that your messages are not being delayed by local filter services. One means of verifying that information is to review the full header details of a message and reviewing the time messages send between services or filters.

Email Notifications / Messages Do Not Arrive - This issue might occur if you have IP restrictions or policies on your local mail servers. See Knowledge Center article CTX208318 to ensure you have whitelisted the custom SMTP IPs. Likewise, review your mail server authentication methods to ensure that Citrix can communicate with your servers.

Too many connections from your host - This issue might occur when you have exceeded the maximum allowed connections on your SMTP server. To resolve this, you must update or increase your maximum allowed connections in your SMTP configuration, or use consolidated notifications to limit the number of connections you receive on a typical basis.

Notify users of their own activity

By default, even if a user has upload or download notifications for a folder, they do not receive notifications about their own activity in those folders. Enabling this option causes users with folder notifications set to receive updates about their own activity.

Upload Receipts

After enabling this setting, Request a File links that require recipients to enter their name and email before uploading emails a receipt email to the person uploading a file. Only request links that require name and email send upload receipts.

Email Notifications

When you set upload or download notifications for certain users on folders, users receive notifications about the uploads or downloads in real time by default. Users can change this default behavior by clicking the Personal Settings link in their account. However, if you want to set a default value for this setting for all users on your account, you can do so using this setting.

Changing this setting does not affect existing users in the system. It is only applied to newly created users. You can update this setting for individual users at their individual profile page.

Users can receive email notifications in the following languages: English, German, Spanish, French, Dutch, Chinese, Russian, Japanese, Korean, or Portuguese.

Q&A Email Text

This feature determines whether the Folder Q&A feature sends the text of the questions and answers in the body of the notification emails. When set to no, the emails do not contain the question or answer text, but do include a link to sign in and view that information instead.

Encrypted Email

This option is used to enable the encrypted email feature. Setting the option to No prevents users from sending or responding to encrypted email messages.

Secondary Email Addresses

By default, all users on the account can configure a secondary email address for their profile. Setting the value to No removes the ability to configure a second email address for all users, including both employees and clients.

Permissions

Client Shares

By default, all clients who have download access to a particular folder have a Send button that allows them to send any of the files in the folder to a third-party recipient. However, in some use cases, companies do not want clients to be able to send files to third-parties, even though the client can download the files and send them to third-parties outside of the system. If Yes is selected, the Share button appears for clients inside all folders. If No is selected, the Share button only appears for employee users.

Folder Access List

If Yes is selected, all users are able to see the folder access list inside folders they have access to. If No is selected, only users with admin rights on the folder are able to see the list of other users in the folder.

File Settings

Retention Policy

For accounts on the Professional plan and higher, the File Retention policy causes files to automatically be deleted some days after they are uploaded. This option can be configured separately for each root-level folder in the system. This setting determines the default file retention policy used when a new root-level folder is created. Never is the default value.

Sorting

By default, files and folders are displayed so that the most recent items are listed first. Users can choose a different order for files and folders by clicking the Title, MB, Uploader, or Creator headings. Citrix Content Collaboration remembers the order that they choose and uses this option to display files in the same order within that folder in the future. You can choose a different order in which files and folders display. To do so, choose a category to use to display files and whether they are be displayed in Ascending or Descending order.

Versioning

If Yes is marked, when a user uploads a file to a folder that already contains a file with the same name, both versions of the file are saved so you can follow the progress of the file and prevent any data loss from overwriting. If No is chosen, uploading a file with the same name as an existing file causes the system to overwrite the older version of the file on your account.

You can set a maximum number of versions of files that the system saves. For example, if you choose to save up to 10 versions of a file, and you have 10 versions of a file stored on your account, any new uploads cause the oldest version of the file to be deleted.

Editing

When using Microsoft Office Online for viewing and editing, Office Online keeps a temporary copy of the file being viewed and edited for the purposes of rendering and making changes to the file. It is recommended that all administrators communicate this information to users along with reviewing the Microsoft Terms of Use and Privacy Policy. An Office 365 subscription is required for editing.

For more information on Microsoft Office previewing and editing, see Knowledge Center article CTX208340.

Cloud Rendering

If Cloud Rendering is enabled, Citrix Content Collaboration keeps a temporary copy of the files (images, audio, PDFs) involved in your workflow.

When the workflow completes, Citrix Content Collaboration moves the files to the selected on-prem folder. If a user views any file related to a completed workflow, Citrix Content Collaboration makes a temporary copy of the file from on-prem to the Citrix Content Collaboration cloud cache. A file is available for up to one week in the cloud cache after the last time the file is viewed.

If Cloud Rendering is disabled, users are not able to use Feedback and Approval or Custom Workflow features with files stored on customer managed storage zones. It is recommended that all administrators communicate this information to their users along with reviewing the Citrix End User Services Agreement and Privacy Policy.

Enable ShareFile Tools

You can enable or disable access to individual apps and tools on your account. Any changes in this menu impact all users on the account.

Show Apps Page in Navigation Bar allows the Apps link to be present in the upper right corner of your account. You can customize which tools are shown in this list. You can enable or disable the tools listed in this menu.

Folder Templates

This tool allows you to create a default set of subfolders that can be added to new or existing folders on your account to allow for easy folder structure setup when the same subfolders are frequently used. An example of this is if you have separate folders for specific projects or clients on your account and information in each folder is always organized into the same subfolder categories. Applying a folder template to the folder automatically creates the default subfolders within the selected folder to streamline folder setup.

Important:

  • Folders associated with a template cannot be deleted until the template association has been removed.
  • Folder template features rely on permissions that users must be granted.
  • When deleting a subfolder from the folder template, all instances of that folder within your account and all files contained within said folders are deleted. Folders deleted from a change to the template can be restored from the Recycle Bin.

Limitations

Users with a large amount of folders or deeply nested folder structures might not be able to apply folder templates to subfolders in bulk or rename existing folders in bulk.

There might be a delay while Citrix Content Collaboration processes template changes across your account. If you are editing templates that have been associated with many folders on your account, allow the web app time to process these changes before navigating away from the folder template menu.

Instructions

Create folder template

To create a template, go to Manage > Advanced Preferences > Folder Templates.

You can enter a name for this template which allows you to identify the template if you set up more than one on the system. This title is not displayed in the folder screen. You can also enter a description which is displayed on the Dynamic Folder Templates page to help you further identify a specific template, if you create more than one on your account. When you are done, click Create Template.

On the next screen, click the title of your template to highlight it, and then click Add Folder. You can set up as many subfolders as you would like. To create a subfolder of a folder in the template, you can click the name of the folder that the new subfolder will be in, then click Add Folder. Once you are done, click Finish.

Add a template during folder creation

You can add a template when creating a folder. To do so, create a folder and use the Apply Template drop-down menu to apply a folder template. When you create the folder, the subfolders in the template are automatically set up inside the new folder.

You can also use a template to add subfolders to a folder that you have already created. To do so, navigate to the folder you want to modify and hover your mouse over the drop-down menu carat directly to the right of the folder’s name, then click Edit Folder Options. In the folder template section, apply a template from the drop-down menu. To remove a template from a given subfolder, check the Do not use a folder template option in the menu.

Apply folder templates to subfolders in bulk

You can apply folder templates to subfolders in bulk. You must be an Employee user with the Allow this user to edit folder templates permission. You must also be a member of the super user group to use the Apply Templates to Folder button.

To apply templates, click Manage > Advanced Preferences > Folder Templates. Locate the template you want to apply in bulk and click the Apply To Folders icon. At the menu, you can designate which folder you want to apply the template to. The template is then applied to all subfolders within the folder you choose. Once you have selected the folder, click Apply. Depending on your template, you might see a status screen as your templates are applied. Click Apply to finish.

Folder template permission requirements

To create folder templates, you must be an employee user with the Allow this user to edit folder templates permission enabled. You must also have access to set up root level folders on the account, or have upload permissions in one or more folders where you can add subfolders.

To apply folder templates to subfolders in bulk, you must be an employee user with the Allow this user to edit folder templates permission enabled. You must also be a member of the Super User Group to use the Apply Templates to Folder button.

To apply a template to a folder, you must have Admin permissions on a folder to access the Advanced Folder Settings menu where you can view template association.

To edit or delete a folder associated with a template, you must first remove the template association. To do so, navigate to the folder in question and click the Advanced Folder Options using the drop-down menu beside the folder name. In the menu, scroll down to the folder template section and click Remove Association. You can now able to edit and delete the folder.

When deleting a subfolder from the folder template, all instances of that folder within your account and all files contained within the folders are deleted. Folders deleted from a change to the template can be restored from the Recycle Bin.

Remote Upload Forms

Remote Upload Forms let you place HTML code on your website that allows visitors to upload files from your website directly into your account. You can specify the folder that uploaded files get saved to, and what additional information to collect from the person uploading files.

Warning:

Citrix does not provide extra code or advice beyond the provided sample. Citrix cannot provide customer support for remote upload form code that has been modified beyond the template generated in the web application at the time of creation.

Users must be an employee user with the “Manage Remote Upload Forms” permission to create a remote upload form.

You can create a form in the Citrix Content Collaboration console by going to Manage > Advanced Preferences > Remote Upload Forms, then clicking Add New Form.

Adding a new form

Form Description: This is the name of the form in the remote upload wizard page of your account. This name is not be shown on the form itself.

Choose Destination: Choose whether to store uploaded files in a specific Folder or a File Drop. If the File Drops feature is enabled on your account, you can designate a created File Drop as the upload destination. When choosing the File Drop option, use the list to choose from a list of File Drops that you have already created.

Choose Upload Folder: Choose the folder where you want uploaded files to be stored. This folder must be a folder in the Shared Folders section of your account. If this folder has not been created yet, you must create it before using the remote upload wizard.

Return users to: (Any address in this field requires https:// to function properly.) When a website is correctly entered into this field, a user that has uploaded a file to the Remote Upload Form is taken to the website chosen.

Request Uploader Info: When checked, users must enter their email, first and last name, and company before adding files to the form. If this box is not checked, uploaders appear as Anonymous.

Custom Fields: You can add more fields using the + Add Custom Field option. You have the option of marking these fields as required.

Once you have completed the form, click Save and Get Code. You can then copy the raw HTML iframe for your Remote Upload Form.

This code remains available in the Remote Upload Forms section of your account. You can retrieve it by clicking the View Code icon, or delete it from the list by choosing the Remove icon.