Product Documentation

Configuration

Single sign-on (SSO) for Citrix Content Collaboration

Single sign-on (SSO) can be configured using various IdPs and certain SAML 2.0 or 3.0-based federation tools using basic, integrated, or forms authentication. This feature is available for Business and Enterprise plans.

To configure SSO for your login, see the SSO configuration guides.

Supported configurations

The following configurations have been tested and are supported for most environments.

   
XenMobile 10 Download
ADFS 2.0 Download
ADFS 3.0 Download
ADFS 4.0 (Windows Server 2016) Download
Dual IdP - ADFS and XenMobile Download
NetScaler (version 10.5) Download
NetScaler (version 11.1) Download
Microsoft Azure AD Direct Link

More configurations

These configurations have been successfully configured and tested by our engineering teams. The following configuration documentation is subject to change due to continued product enhancements and improvements. Therefore, configuration guides for the following are presented as is:

   
Centrify Download
Authentication, authorization, and auditing and Kerberos KCD/NTLM Fallback Download
Authentication, authorization, and auditing and Client Certificate Authentication Download
Okta Download
Ping-Federate Download
PingOne / PingID Download
OneLogin Download

Citrix Ready Partners

Click here for information on the Citrix Ready Program

Create employees

An employee user is most often an internal user within your company. Employee users are granted a wide range of permissions and access to your account. Creating an Employee consumes an employee license.

Requirements to create an employee user

  • The manage employee users permission.
  • Employee users can only grant or revoke permissions that they themselves have been granted.
  • Only account administrators can delete users from the system.
  • An email address can only be associated with ONE user at a time. You cannot use the same email address for multiple users.

To create an employee, go to the Users tab in the Content Collaboration tile in Citrix Cloud. Use the Create Employee button to begin creating a user.

Type your user’s name, email address, and company info. You can also customize their password. Depending on your account type, you can customize the user’s individual bandwidth limit.

You can customize your new employee’s User Access and File settings. Depending on your account or plan and your own permissions, certain permissions might not be visible or applicable. User Access settings are typical access and feature-based permissions you can use to manage your employee’s access and abilities on the account.

employees-2

You can assign folders to your user, and add the user to Distribution Groups. You can also customize the user’s permissions to various folders on your account. To grant a user access to a folder, choose the check box beside the folder name.

employees-3

You can send a Welcome Email to your new user or opt to do so later. This email includes a link to activate their new account.

When a user is added, they are provided an activation link (by email or by a link generated and delivered by the creator). If the newly created user does not access that activation link within 30 days, a new activation link must be sent. When resending an activation link, the previous activation link is deactivated.

  1. In Content Collaboration, go to People > Resend Welcome Emails.
  2. Enter your user’s email address or name to add them to the To field, or select them from the Address Book.
  3. Customize your email message as needed.
  4. Click Send.

Accounts utilizing SAML

If you have configured a SAML SSO provider on your account and have created an employee user without any admin permissions, the user does not see or is not prompted to change their password within the activation email. Instead, that user is expected to sign in with their SAML credentials.

Strict employee licensing and company email address

By default, you cannot create a client user with the same email suffix as your company (ex: johndoe@company.com). This option is designed to prevent accounts from circumventing employee licensing requirements.

When a user attempts to create a client user with an employee company email, the user is prompted to send a request to an admin on the account to create the user as an employee.

Admins receive an email notification that allows them to review and approve the user creation request.

Manage employee permissions

Citrix Content Collaboration permissions are designed to give you granular control of your account and the permissions of your users.

Requirements to modify permissions

  • The delegate administrator privileges to other employee users permission or Manage Employee Users permission.
  • Employee users might only give or edit the permissions that they themselves have been given.

How to manage permissions

  1. In the Content Collaboration tile in Citrix Cloud, go to Users.
  2. Browse or search for your user. Choose the user or the Manage icon on the right to open the user profile.
  3. Change permissions as needed, then Save.

Default employee permissions

When creating an employee, the following permissions are granted by default. You can change these settings during the user creation process.

Note:

A gray setting indicates a permission that the creating user does not have access to or is not permitted to give to others, so they cannot grant that permission to another user.

permissions

Basic information

  • Date Created
  • Email Address
  • First Name and Last Name
  • Company name.

Notifications

Change the user’s default Notification Frequency settings.

Default email language

Change the user’s default Email Notification Language.

Bandwidth limit

You can choose a maximum monthly bandwidth allowance for the employee. This limit prevents the employee from personally uploading and downloading more data than you allow them. It also applies to all of their folders, so that they cannot share files with others more than you would like for them to.

Note:

Employee bandwidth limits can also affect clients that the employee supports by limiting how much they can download from the employee’s folders. Bandwidth limits are used by accounts where employee use might need to be limited to prevent bandwidth overages.

Authentication

This setting is offered if the customer is using Content Collaboration Credentials or Two-Step Verification.

User access

General
Change their password

When a user wants to change their password, they can use the Forgot Password link on the logon screen. If the link is not marked, they need to contact an employee who can manage employee permissions for help logging on.

Access personal settings

In personal settings, a user can manage their name, company name, and avatar. They are able to update or change their password on this page if they have the permission to change their password.

Access Company Account Permissions

Advanced Preferences are account-wide settings that can be turned on or off by an employee user granted the Access Company Account Permissions permission. These settings can be found at Admin Settings > Advanced Preferences.

Files and folders

Use personal File Box

The File Box is a personal storage space where employees can store files for a limited period. This space is not generally a collaborative or shared space, although some users might be given access to see other employee’s File Boxes. If you do choose to take away a user’s access to the File Box, they are not able to use any email plug-in tool or add files from their computer when creating a Share message or Link.

Be added to file drops

This option is only available when File Drop is enabled on your account. File drops allow users who create items to list this employee as a contact that clients might choose to send files to through a form.

People

Manage Clients

Manage Clients allows the employee to see the People tab in the navigation bar and to add new users to the account. They are also able to edit settings for any clients that they create.

Note:

Editing a client user’s email address requires the Manage Employees permission.

Edit the shared address book

The Shared Address Book is available to employee users on the account so that they can quickly and easily pull up contact information for users on the account. When this option is checked, the employee is able to add users to the Shared Address Book to allow others to see their contacts on the system.

Share distribution groups

When this permission is enabled, the employee user is able to create a Shared Distribution group.

Edit other users’ shared distribution groups

When setting up a new Distribution Group, users can share the group with all employees. If this permission is enabled, the employee user is able to add more users to a group that has been created on the system and shared with others.

Company Account Info

Edit account appearance

This setting allows the user to configure account branding and appearance settings.

Billing

View receipts and billing notifications

The Receipts & Billing Notifications link in the Admin Settings > Billing section allows any user with this permission enabled to download copies of any receipt or invoice for the account.

Advanced Preferences

The following settings display only when you have the feature enabled on your plan type.

Connectors

Create Network Share Connectors

This permission grants the user the option to create and manage new Network Share Connectors. This permission is only available to Content Collaboration users on certain plans.

Create SharePoint Connectors

This permission grants the user the option to create and manage new Sharepoint Connectors. This permission is only available to Content Collaboration users on certain plans.

StorageZones

Select StorageZone for root-level folders

To change another user’s default storage location, membership to the Super User Group is required. This permission is only available to Content Collaboration users on certain plans.

Delete employees

From the Dashboard, click People > Browse Employees and locate the employee user. Click their name to access their profile page.

On the right side of the profile page, click Delete from the System to delete the user. When you click this button, you are offered the opportunity to reassign all files and folders to another user on the account. Files that are not reassigned are unable to be recovered or restored.

employees-4

Note:

When deleting client users, files cannot be reassigned.

Create client users

A client user is a user external to your company who does not need access to employee-level Citrix Content Collaboration features. There are several ways that you can add new client users to your account.

Requirements to create a client user

  • An Employee user
  • The manage client users permission
  • Changing a client email address or deleting a client user from the system both require the manage employee users permission.

Navigate to People > Manage Users. Use the Create Client button to begin creating a user.

Type your client’s email address. At the next step, provide a name and company if applicable. By default, new client users are prompted to create a password when they sign in for the first time. If you do not want your client to be able to set their own password, do not notify users they have been added to the account until after you have navigated to your user’s profile page and updated their Change Password permission.

employees-5

You can assign folders to your user, and add the user to Distribution Groups. You can also customize the user’s permissions to various folders on your account. To grant a user access to a folder, use the check box beside the folder name.

employees-6

Next, you can send a Welcome Email to your new user, or opt to do so later. This email includes a link to activate their new account.

Create a client user (folder access menu)

You can also create a client user from the Add People to Folder menu. A client user is created if you add an individual to a folder that is not currently a member of your account.

  1. Click the name of the folder where you would like to grant the new user access.
  2. Access the People on this Folder tab or folder access menu.
  3. Click the Add People to Folder button.
  4. Click Create New User to add a client user to your account with access to this specific folder.
  5. The user’s email address, first name, and last name are required. The user is created as a client user and added to the list of users in the pane on the left.
  6. Check the Notify Added Users option in the bottom right.
  7. Save changes. Your user receives an email notification that they have been added to the folder and must activate their account.

When a user is added, they are provided an activation link (by email or by a link generated and delivered by the creator). If the newly created user does not access that activation link within 30 days, a new activation link must be sent. When resending an activation link, the previous activation link is deactivated.

  1. In Content Collaboration, go to People > Resend Welcome Emails.
  2. Enter your user’s email address or name to add them to the To field, or select them from the Address Book.
  3. Customize your email message as needed.
  4. Click Send.

Advanced Preferences

Advanced Preferences are account-wide settings that can be turned on or off by an employee user granted the Access Company Account Permissions permission. These settings can be found at Admin Settings > Advanced Preferences.

Email settings

Send email from

Some email services reject messages sent using the Citrix Content Collaboration mail server or flag the messages as spam. If you are getting any reports of email delivery problems, setting the preference to user sending message might resolve the issue. Once the preference is set, the name of the user sending the message appears in the From field and that user’s email address is used when the message recipient replies to the message. This option might trigger message rejection as well, so do not use this option unless you are experience deliverability issues.

STMP server

By default, system notifications are sent from Content Collaboration mail servers to clients. At times this might not be ideal, especially when dealing with recipient mail servers that employ aggressive spam filters or whitelists. In these cases, setting a custom SMTP server allows you to send system notifications from your own mail server instead.

Notify users of their own activity

By default, even if a user has upload or download notifications for a folder, they do not receive notifications about their own activity in those folders. Enabling this option causes users with folder notifications set to receive updates about their own activity.

Upload receipts

After enabling this setting, Request a File links that require recipients to enter their name and email before uploading will email a receipt email to the person uploading a file. Only request links that require name and email send upload receipts.

Email notifications

When you set upload or download notifications for certain users on folders, users receive notifications about the uploads or downloads in real time by default. Users can change this default behavior by clicking the Personal Settings link in their account. However, if you want to set a default value for this setting for all users on your account, you can do so using this setting.

Note:

Changing this setting does not affect existing users in the system. It is only applied to newly created users. You can update this setting for individual users at their individual profile page. In Real-Time is the default value.

Users can receive email notifications in the following languages: English, German, Spanish, French, Dutch, Chinese, Russian, Japanese, Korean, Portuguese.

Q&A email text

This feature determines whether the Folder Q&A feature sends the text of the questions and answers in the body of the notification emails. When set to no, the emails do not contain the question or answer text, but do include a link to log on and view that information instead.

Enable encrypted email

This option is used to enable the encrypted email feature. Setting this to No prevents users from sending or responding to encrypted email messages.

Permissions

Client shares

By default, all clients who have download access to a particular folder have a Send button that allows them to send any of the files in the folder to a third-party recipient. However in some use cases, companies do not want clients to be able to send files to third-parties, even though the client can download the files and send them to third-parties outside of the system. If Yes is selected, the Share button appears for clients inside all folders. If No is selected, the Share button only appears for employee users. Yes is the default value.

Folder Access list

If Yes is selected, all users are able to see the Folder Access list inside folders they have access to. If No is selected, only users with admin rights on the folder are able to see the list of other users in the folder. No is the default value.

File Settings

Retention policy

For accounts on the Professional plan and higher, the File Retention policy causes files to automatically be deleted some days after they are uploaded. This option can be configured separately for each root-level folder in the system. This setting determines the default file retention policy used when a new root-level folder is created. Never is the default value.

Sorting

By default, files and folders are displayed so that the most recent items are listed first. Users can select a different order for files and folders by clicking the Title, MB, Uploader, or Creator headings. The Content Collaboration service remembers the order that they select and use this option to display files in the same order within that folder in the future. You can select a different order in which files and folders display. To do so, choose a category to use to display files and whether they should be displayed in Ascending or Descending order. User Preferences is the default value.

Versioning

If Yes is marked, when a user uploads a file to a folder that already contains a file with the same name, both versions of the file are saved so you can follow the progress of the file and prevent any data loss from overwriting. If No is selected, uploading a file with the same name as an existing file causes the system to overwrite the older version of the file on your account. Yes is the default value.

You can set a maximum number of versions of files that the system saves. For example, if you select to save up to 10 versions of a file, and you have 10 versions of a file stored on your account, any new uploads cause the oldest version of the file to be deleted. Unlimited is the default value.

Office preview and editing

For more information on Microsoft Office previewing and editing, see Knowledge Center article CTX208340.

Customize apps and settings

You can enable or disable access to individual apps and tools on your account. Any changes in this menu impact all users on the account.

The Show Apps page allows the Apps link to be present in the upper right corner of your account. You can customize which tools are shown in this list. You can enable or disable the tools listed in this menu.

Other settings

Folder templates

For information on folder templates, see Knowledge Center article CTX208329.

Remote upload form

For information on remote upload forms, see Knowledge Center article CTX207516.

File drops

For information on file drops, see Knowledge Center article CTX208328.

Virtual data room

For information on virtual data room, see Knowledge Center article CTX208344.

Content Collaboration reports

Prerequisites

  • An Administrative user on the Citrix Content Collaboration account.
  • An Employee user with the Allow this user to access account-wide reporting permission.
  • If running a report for a specific user, that user must be a member of the Shared Address Book.

Create report

Complete the following steps to create a Citrix Content Collaboration report:

1. In your Citrix Cloud account, go to Content Collaboration.

2. Navigate to Manage > Company Account Info > Reporting.

3. Select the Create Report button and choose the type of Report you want to run, then click Next.

cc-report2

4. Fill in the details as required and click Create. Reports can be generated as Excel or CSV files.

cc-report3

Report Pending:

Allow time for your report to be processed and completed. Depending on the amount of time and final size of your report, the time it takes for the report to finish might vary.

cc-report4

View Completed Report:

You can view, download, move, or delete reports at any time by returning to the Reporting menu and accessing the list to the right of the Report Title.

cc-report5

Personal Cloud Connectors

Personal Cloud Connectors allow users to access their Box, Dropbox, Google Drive, and OneDrive (Consumer Version) accounts, providing customers with the flexibility to determine how and where users store files. Personal Cloud Connectors can be accessed using the web app, but certain file interactions might not be available.

Limitations

  • Due to compliance concerns, this feature cannot be used by users utilizing a HIPAA storage server, a VDR account, or an account with Archiving enabled.
  • For on-prem customers, Personal Cloud Connectors is supported for accounts utilizing Customer-Managed StorageZones so long as the account is also associated with a Citrix-Managed StorageZone.
  • Currently, accounts with no association to a Citrix-Managed StorageZone (such as strictly on-prem or tenant setups) cannot utilize this feature.
  • File uploads to Personal Cloud or Office 365 Connectors currently have a maximum upload size of 100 MB per file.
  • Currently, Connectors must have a unique display name. Users are blocked from using a connector name that is currently in use elsewhere on the account.

Enable a Personal Cloud Connector

A Personal Cloud Connector must be enabled by an Admin user before it can be accessed. Only users with the Create and Manage Connectors permission can enable connectors on the account.

Navigate to Admin Settings > Connectors. Here you can view all of the Connectors available for your account.

Click the Enable button to turn on that Connector for users on your account.

Once a Connector has been enabled, you can manage Connector Access. By adding a user to the access list for a specific Connector, that user is then able to use the Connector to link their account to another data storage service. Save your access changes to continue.

Note:

The Connector creator and the Super User Group are automatically granted access to the Connector type.

Once you have enabled the Connector, any user that has been granted access to it can now set up the Connector in their own Personal Settings menu.

To configure your Connector, navigate to Personal Settings > My Connectors. You must authenticate with your desired Connector service so that Citrix Content Collaboration can be authorized to interact with it. Once you have connected services, your Connector appears in the Folders section of your sidebar.