Citrix DaaS

Create delivery groups


If you are using an on-premises StoreFront with Citrix DaaS, do not use Library to assign resources when creating delivery groups. Instead, use Manage > Full Configuration to assign resources to users. If you use Library in this scenario, resources might not be enumerated to users.

When creating a delivery group in Manage > Full Configuration, on the Users page, do not select Leave user management to Citrix Cloud. Instead, select a different option (Allow any authenticated users to use this delivery group or Restrict use of this delivery group to the following users).


A delivery group is a collection of machines selected from one or more machine catalogs. The delivery group can also specify which users can use those machines, plus the applications and desktops available to those users.

Creating a delivery group is the next step in configuring your deployment after creating a machine catalog. Later, you can change the initial settings in the first delivery group and create other delivery groups. There are also features and settings you can configure only when editing a delivery group, not when creating it.

Before creating a delivery group:

  • Review this section to learn about the choices you make and information you supply.
  • Ensure that you have created a connection to the hypervisor, cloud service, other resource that hosts your machines.
  • Ensure that you have created a machine catalog containing virtual or physical machines.

To launch the delivery group creation wizard:

  1. Sign in to Citrix Cloud. In the upper left menu, select My Services > DaaS.
  2. Select Manage.
  3. If this is the first delivery group being created, the console guides you to the correct selection (such as “Set up delivery groups to be displayed as services”). The delivery group creation wizard opens and walks you through the process.
  4. If you already created a delivery group and want to create another, from Manage > Full Configuration, select Delivery Groups in the left pane. Then select Create Delivery Group in the action bar.

The wizard walks you through the pages described below. The wizard pages you see might be different, depending on the selections you make.

Step 1. Machines

Select a machine catalog and select the number of machines you want to use from that catalog.

Good to know:

  • At least one machine must remain unused in a selected catalog.
  • A catalog can be specified in more than one delivery group. However, a machine can be used in only one delivery group.
  • A delivery group can use machines from more than one catalog. However, those catalogs must contain the same machine types (multi-session OS, single-session OS, or Remote PC Access). In other words, you cannot mix machine types in a delivery group. Similarly, if your deployment has catalogs of Windows machines and catalogs of Linux machines, a delivery group can contain machines from either OS type, but not both.
  • A MCS delivery group can only add a MCS type catalog.
  • Citrix recommends that you install or upgrade all VDAs with the latest version, and then upgrade machine catalogs and delivery groups as needed. When creating a delivery group, if you select machines that have different VDA versions installed, the delivery group will be compatible with the earliest VDA version. For example, if one of the machines you select has VDA version 7.1 installed and other machines have a later version, all machines in the group can use only those features that were supported in VDA 7.1. This means that some features that require newer VDA versions might not be available in that delivery group.
  • The following compatibility checks are performed:
    • MinimumFunctionalLevel must be compatible
    • SessionSupport must be compatible
    • AllocationType must be compatible for SingleSession
    • ProvisioningType` must be compatible
    • PersistChanges must be compatible for MCS and Citrix Provisioning
    • RemotePC catalog is only compatible with RemotePC catalog
    • AppDisk related check

Step 2. Delivery type

This page appears only if you chose a machine catalog containing static (assigned) single-session OS machines. Choose either Applications or Desktops. You cannot enable both.

(If you selected machines from a multi-session OS or single-session OS random (pooled) catalog, the delivery type is assumed to be applications and desktops. You can deliver applications, desktops, or both.

Step 3. AppDisks

Ignore this page. Select Next.

Step 4. Users

Specify the users and user groups who can use the applications and desktops in the delivery group.

As an alternative to specifying applications in the delivery group wizard (as described in this section), you can configure them through the Citrix Cloud library. (See important exception at top of this article if using an on-premises StoreFront.)

Where user lists are specified

User lists are specified when you create or edit the following:

  • A deployment’s user access list, which is not configured through this console. By default, the application entitlement policy rule includes everyone. See the PowerShell SDK BrokerAppEntitlementPolicyRule cmdlets for details.
  • Delivery groups.
  • Applications.


When specifying a user list, you can select user accounts from any of the following identity providers to which your Citrix Cloud account is connected: Active Directory, Azure Active Directory, or Okta.

The list of users who can access an application is formed by the intersection of the above user lists.

Authenticated and unauthenticated users

There are two types of users: authenticated and unauthenticated (unauthenticated is also called anonymous). You can configure one or both types in a delivery group.

  • Authenticated: To access applications and desktops, the users and group members you specify by name must present credentials such as smart card or user name and password to StoreFront or Citrix Workspace app. (For delivery groups containing single-session OS machines, you can import user data (a list of users) later by editing the delivery group.)

  • Unauthenticated (anonymous): For delivery groups containing multi-session OS machines, you can allow users to access applications and desktops without presenting credentials to StoreFront or Citrix Workspace app. For example, at kiosks, the application might require credentials, but the Citrix access portal and tools do not. An Anonymous Users Group is created when you install the first Delivery Controller.

    To grant access to unauthenticated users, each machine in the delivery group must have a multi-session OS VDA installed. When unauthenticated users are enabled, you must have an unauthenticated StoreFront store.

    Unauthenticated user accounts are created on demand when a session is launched, and named AnonXYZ, in which XYZ is a unique three-digit value.

    Unauthenticated user sessions have a default idle timeout of 10 minutes, and are logged off automatically when the client disconnects. Reconnection, roaming between clients, and Workspace Control are not supported.

The following table describes your choices on the Users page:

Enable access for Add/assign users and user groups? Enable the “Give access to unauthenticated users” check box?
Only authenticated users Yes No
Only unauthenticated users No Yes
Both authenticated and unauthenticated users Yes Yes

Step 5. Applications

Good to know:

  • You cannot add applications to Remote PC Access delivery groups.
  • By default, new applications you add are placed in a folder named Applications. You can specify a different folder. For details, see the Applications article.
  • You can change the properties for an application when you add it to a delivery group, or later. For details, see the Applications article.
  • If you try to add an application and one with the same name already exists in that folder, you are prompted to rename the application you are adding. If you decline, the application is added with a suffix that makes it unique within that application folder.
  • When you add an application to more than one delivery group, a visibility issue can occur if you do not have permission to view the application in all those delivery groups. In such cases, either consult an administrator with greater permissions or have your scope extended to include all the delivery groups to which the application was added.
  • If you publish two applications with the same name to the same users, change the Application name (for user) property. Otherwise, users see duplicate names in Citrix Workspace app.

Select the Add menu to display the application sources.

  • From Start menu: Applications that are discovered on a machine created from the image in the selected catalog. When you select this source, a new page launches with a list of discovered applications; select those you want to add and then select OK.
  • Manually defined: Applications located in the deployment or elsewhere in your network. When you select this source, a new page launches where you type the path to the executable, working directory, optional command line arguments, and display names for administrators and users. After entering this information, select OK.
  • Existing: Applications previously added to the deployment, perhaps in another delivery group. When you select this source, a new page launches with a list of discovered applications; select those you want to add and then select OK.
  • App-V: Applications in App-V packages. When you select this source, a new page launches where you select the App-V server or the Application Library. Select the applications you want to add from the resulting display and then select OK.

If an application source or application is not available or valid, it is either not visible or cannot be selected. For example, the Existing source is not available if no applications have been added to the deployment. Or, an application might not be compatible with the supported session types on machines in the selected machine catalog.

As an alternative to specifying applications in the delivery group wizard (as described in this section), you can configure them through the Citrix Cloud library. (See important exception at top of this article if using an on-premises StoreFront.)

Step 6. Desktops (or Desktop Assignment Rules)

The title of this page depends on the machine catalog you chose earlier in the wizard:

  • If you chose a catalog containing pooled machines, this page is titled Desktops.
  • If you chose a catalog containing assigned machines and specified “Desktops” on the Delivery Type page, this page is titled Desktop User Assignments.
  • If you chose a catalog containing assigned machines and specified “Applications” on the Delivery Type page, this page is titled Application Machine User Assignments.

Select Add. In the dialog box:

  • In the Display name and Description fields, type the information to be displayed in Citrix Workspace app.
  • To add a tag restriction to a desktop, select Restrict launches to machines with this tag and then select the tag from the menu.
  • Using the radio buttons, indicate who can launch a desktop (for groups with pooled machines) or who can be assigned a machine when they launch the desktop (for groups with assigned machines). The users can be either everyone who can access this delivery group, or specific users and user groups.
  • If the group contains assigned machines, specify the maximum number of desktops per user. This must be a value of one or greater.
  • Enable or disable the desktop (for pooled machines) or desktop assignment rule (for assigned machines). Disabling a desktop stops desktop delivery. Disabling a desktop assignment rule stops desktop auto-assignment to users.
  • When you are finished with the dialog box, select OK.

As an alternative to specifying desktops in the delivery group wizard (as described in this section), you can configure them through Citrix Cloud library. (See important exception at top of article if using an on-premises StoreFront.)

Step 7. License assignment

Determine which license you want the delivery group to use. By default, the delivery group uses the site license. For more information, see Multi-type licensing.

Step 8. Summary

Enter a name for the delivery group. You can also (optionally) enter a description, which appears in Workspace app and in the Full Configuration management interface.

Review the summary information and then select Finish. If you did not select any applications or specify any desktops to deliver, you are asked if you want to continue.

If you don’t specify users or applications in the wizard

As an alternative to specifying users and applications in a delivery group, you can specify them in the Citrix Cloud console. (See important exception at top of this article if using an on-premises StoreFront.)

  1. In the Citrix Cloud Console, select Library.

  2. Find the card containing the resources (applications or desktops) you want. Hover over the ellipsis menu in the upper right corner and select Manage Subscribers.

  3. In the Manage subscribers dialog, under Add Subscribers in the left menu, select subscribers (users). If you have multiple subscribers, you might need to type one or more characters of the domain group containing those users in the right search field. Matches appear in the table below the two fields. Select the correct match. (If there’s only one match, it’s automatically selected.) When the Status field indicates Ready, select the X in the upper right corner to close the dialog.

  4. Refresh the Resources page. The lower left corner of the resource card contains a value that indicates domain users have been selected.

For more information about the Library, see Assign users and groups to service offerings using Library.

More information

Create delivery groups