Citrix DaaS

Machine identities

Each machine must have a unique machine identity, also known as computer account. Machine identities can be created and managed in the machines locally or in a directory, such as on-premises Active Directory (AD) or Azure AD. Citrix supports hosting virtual applications and desktops on machines that are Active Directory joined, Azure Active Directory joined, Hybrid Azure Active Directory joined, or non-domain joined.

Machine identity types

The following machine identity types are supported.

Machine identity type Description
AD joined Identities are created and managed in on-premises Active Directory. Provisioned machines are joined to on-premises Active Directory using the assigned machine identities.
Azure AD joined Identities are created and managed in Azure AD. Provisioned machines are joined to Azure AD using the assigned machine identities. Importing VMs to Citrix DaaS is not supported.
Hybrid Azure AD joined Identities are created in on-premises Active Directory and are synced with Azure AD through Azure AD Connect. Provisioned machines are joined to on-premises Active Directory and Azure AD. The machines are then Hybrid Azure AD joined. For importing a Hybrid Azure AD joined VM, the VM is treated as an Active Directory joined VM by Citrix DaaS.
Non-domain-joined Identities are created and managed in the machines locally. Importing VMs to Citrix DaaS is not supported.

Supported Configurations

The following are details of the supported configurations for each scenario.

Supported infrastructure

Machine identity Citrix DaaS Citrix Workspace Citrix StoreFront Citrix Gateway Service Citrix Gateway
AD joined Yes Yes Yes Yes Yes
Azure AD joined Yes Yes No Yes No
Hybrid Azure AD joined Yes Yes Yes Yes Yes
Non-domain-joined Yes Yes Yes Yes Yes

Note

Neither Local Host Cache nor Service Continuity are available for Non-domain joined session hosts when using Storefront.

Supported workspace authentication identity providers

Machine identity Azure Active Directory Active Directory Active Directory and Token Okta SAML Citrix Gateway Adaptive Authentication
AD joined Yes Yes Yes Yes Yes Yes Yes
Azure AD joined Yes No No No No No No
Hybrid Azure AD joined Yes Yes Yes Yes Yes Yes Yes
Non-domain-joined Yes Yes Yes Yes Yes Yes Yes
Machine identities