Citrix Endpoint Management

Authentication with an on-premises Citrix Gateway through Citrix Cloud (Preview)

This feature is available as a preview. To enable authentication with an on-premises Citrix Gateway using Citrix Cloud, contact your Citrix support representative.

Endpoint Management supports authentication with an on-premises Citrix Gateway for users enrolling through Citrix Secure Hub. Citrix Gateway as an identity provider is available for iOS devices and Android devices that run in the legacy Device Administration mode. This authentication method does not yet support Android Enterprise.

Note:

Endpoint Management doesn’t support authentication with an on-premises Citrix Gateway through Citrix Cloud for enrollment invitations. If you send users an enrollment invitation containing an enrollment URL, users authenticate through LDAP instead of an on-premises Citrix Gateway as an identity provider.

Prerequisites for authentication with Citrix Gateway

  • Citrix Gateway configured for certificate-based authentication
  • Secure Hub 20.5.0 and later

Configure Citrix Cloud to use Citrix Gateway as your identity provider

To set up Citrix Gateway authentication in Citrix Cloud, see Connect an on-premises Citrix Gateway as an identity provider to Citrix Cloud.

Configure the Citrix identity provider as the IdP type for Endpoint Management

After you configure Citrix Gateway in Citrix Cloud, configure Endpoint Management as follows.

  1. In the Endpoint Management console, go to Settings > Identity Provider (IdP) and then click Add.

  2. In the Identity Provider (IdP) page, configure the following:

    IdP configuration screen

    • IdP Name: Type a unique name to identify the IdP connection that you are creating.
    • IdP Type: Choose Citrix Identity Platform.
    • Authentication Domain: Select the authentication domain as listed in the menu. This domain is the same authentication domain as configured under Identity and Access Management > Authentication for Citrix Workspace Configuration in Citrix Cloud.
  3. Click Next. In the IdP Claims Usage page, configure the following:

    IdP configuration screen

    • User Identifier type: This field is set to userPrincipalName.
    • User Identifier string: This field is automatically filled.
  4. Click Next, review the Summary page, and then click Save.

    Users can now enroll using Citrix Gateway as an identity provider.

Authentication with an on-premises Citrix Gateway through Citrix Cloud (Preview)