Product documentation
Citrix Endpoint Management
View PDF

Authentication with Azure Active Directory through NetScaler Gateway for MAM enrollment

February 26, 2024
Contributed by: 
K

Citrix Endpoint Management supports authentication with Azure Active Directory (Azure AD) credentials through NetScaler Gateway. This authentication method is available only for users enrolling in MAM through Citrix Secure Hub.

Prerequisites

To configure Citrix Endpoint Management to use Azure AD through NetScaler Gateway as an identity provider (IdP) for devices enrolled with MAM, make sure that the following prerequisites are met:

  • Configure Citrix Endpoint Management with Azure AD through Citrix Cloud as IdP for devices enrolled with MDM. For more information about configuring Azure AD for MDM, see Authentication with Azure Active Directory through Citrix Cloud.
  • Connect Azure AD to Citrix Cloud. For more information, see Connect Azure Active Directory to Citrix Cloud.
  • Enable the following relevant feature flags depending on the platform respectively:
    • iOS:
      • iOS-V3Form-MAM
      • iOS-SAMLAuth-MAM
    • Android:
      • Android-V3Form-MAM
      • Android-SAMLAuth-MAM

    Note:

    To enable the relevant feature flag in your environment, fill out the Podio form.

  • For Android, enable Android Enterprise.

    Note:

    This feature is not tested or verified under legacy Android Device Administrator (DA) mode. This mode is not supported.

Configure Azure AD for MAM as IdP

  1. Configure NetScaler Gateway in Citrix Endpoint Management as follows:

    1. Sign in to the Citrix Endpoint Management console and then click the Settings Settings icon.

    2. Click NetScaler Gateway under Server.

    3. Enable the Authentication toggle button.

      Enable NetScaler Gateway Authentication toggle button

    4. Make sure that the Logon Type of the gateway is the Identity provider.

    5. Click Save.

  2. Configure Azure AD as a SAML IdP by using Configure Azure AD as a SAML IdP.

  3. Configure NetScaler ADC as a SAML SP using the advanced policy by using Configure NetScaler ADC as SAML service provider (SP).

  4. Create a AAA virtual server by using To set up an authentication virtual server by using the GUI.

  5. Configure the AAA virtual server by using Configure the authentication virtual server.

  6. Create and configure the authentication profile by using Authentication profiles.

  7. Bind the authentication profile with the Gateway virtual server and save all the configurations.

Now, Azure AD is added as an identity provider for devices enrolled with MAM and you can authenticate them using Azure AD.

Expected behavior

The following example is using an Android device:

  1. On your mobile device, open the Citrix Secure Hub app.

    Citrix Secure Hub app icon

  2. Provide the required permissions.

  3. On the sign-in page, enter the credentials provided by your organization and then tap Next.

    Citrix Secure Hub Sign in page

    You are redirected to the Microsoft sign-in page.

  4. On the Microsoft sign in page, enter your email id and then tap Next.

    Microsoft Sign in page - email id

  5. Enter the password and then tap Sign in.

    Microsoft Sign in page - password

  6. On the Let’s set up your work profile page, tap Accept & continue.

    Lets setup your work profile page

  7. Create the pin for the Citrix Secure Hub app and confirm the same.

    Citrix Secure Hub pin

    You are successfully redirected to the Citrix Secure Hub home page.

Authentication with Azure Active Directory through NetScaler Gateway for MAM enrollment
February 26, 2024
Contributed by: 
K
February 26, 2024
Contributed by: 
K

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.