Citrix DaaS™

(Tenant administrators) Manage your DaaS resources

This article describes how tenant customers access and manage their own DaaS resources in cooperation with Citrix Service Providers (CSPs) in a multitenant deployment.

Note:

This feature is now in public preview. Complete this form to participate.

Add tenant administrators

In a multitenant environment, administrators of tenant customers must be added only in each tenant’s Citrix Cloud account. Adding tenant administrators to the Citrix Service Provider’s (CSP) partner account is not supported because it doesn’t ensure proper security isolation.

The first tenant administrator must be added by a partner administrator who initially created the tenant account. After that, this tenant administrator, who has Full access, can add more tenant administrators.

To add a tenant administrator:

  1. Sign in to the tenant customer’s Citrix Cloud™ account as a tenant administrator with Full access permission on the tenant.
  2. Follow the steps in Invite individual administrators.
  3. Assign one of the following permissions to the tenant administrator as needed:

    • Cloud Administrator (Tenant): Has full permissions to manage the tenant’s own machine catalogs, delivery groups, and other scoped objects. To assign this role, do one of the following:

      • Select Full access.
      • Select Custom access, then select Cloud Administrator (Tenant) under DaaS.
    • Help Desk Administrator (Tenant): Has access to the Monitor console only. To assign this role, select Custom access, then select Help Desk Administrator (Tenant) under DaaS.


    Note:

    • Administrators added in the tenant account are automatically synced to the partner’s Studio console with the appropriate role and scope.
    • Partner administrators aren’t encouraged to sign in to a tenant customer’s cloud account for DaaS management. Certain features are blocked in tenant accounts for security reasons.
    • To understand the permission differences between Cloud Administrator (Tenant) and Help Desk Administrator (Tenant), see the following Available features by tenant administrator role table.

Access the Studio console in the tenant account

As a tenant administrator, you can access a scoped Studio experience directly from the tenant customer’s Citrix Cloud account.

  1. Sign in to the tenant customer’s Citrix Cloud account.

  2. Select DaaS from the home page or from the upper-left menu. The Studio console opens with functionality based on the administrator’s assigned role.


The console displays only objects and settings within the tenant’s scope. Unscoped objects are not accessible from the tenant view.

Table: Available features by tenant administrator role

| Function          | Cloud Administrator (Tenant)   | Help Desk Administrator (Tenant) |
|-------------------|--------------------------------|----------------------------------|
| Home              | Yes                            | Not applicable                   |
| Search            | Yes                            | Yes                              |
| Machine Catalogs  | Yes                            | Not applicable                   |
| Delivery Groups   | Yes                            | Not applicable                   |
| Applications      | Yes                            | Not applicable                   |
| Policies          | Manage custom policy sets only | Not applicable                   |
| Administrators    | Yes                            | Not applicable                   |
| Hosting           | Edit only                      | Not applicable                   |
| Monitor           | Yes                            | Yes                              |
| Session Recording | Yes                            | Not applicable                   |
| Downloads         | Yes                            | Not applicable                   |

Create catalogs and delivery groups

As a tenant administrator with the Cloud Administrator (Tenant) role, you can manage machine catalogs and delivery groups within your assigned scope.

However, the first machine catalog for a tenant must be created by the partner administrator for the tenant scope. This ensures that the correct initial zone is selected for the tenant catalog.

Manage policies in the tenant account

By default, built-in policy sets are visible across all scopes in the partner’s Studio console.

If a tenant needs to manage policies independently:

  1. In the partner account, a partner administrator must create a custom policy set scoped to that tenant.
  2. In the tenant account, tenant administrators with the Cloud Administrator (Tenant) role manage policies within that set.

If a tenant needs to manage its own policy set:

  1. In the partner account, a partner administrator must first remove ANY scope from DefaultSitePolicies, CustomTemplates, and DefaultSiteTemplates.
  2. In the tenant account, tenant administrators with the Cloud Administrator (Tenant) role manage the tenant's own policy set (but not policy templates).

Update host connections

As a tenant administrator with the Cloud Administrator (Tenant) role, you cannot create host connections. However, you can update existing host connections created by a partner administrator assigned to the tenant’s scope with the initial zone selected.
