Authentication with an on-premises Citrix Gateway through Citrix Cloud
Endpoint Management supports authentication with an on-premises Citrix Gateway through Citrix Cloud. This authentication method is available only to users enrolling in MDM through the Citrix Workspace app or Citrix Secure Hub. If Endpoint Management is Workspace enabled, users access resources from the Citrix Workspace app. If you don’t enable Citrix Workspace integration with Citrix Endpoint Management, users access resources from Secure Hub.
Devices enrolling in MAM can’t authenticate using on-premises Citrix Gateway credentials through Citrix Cloud. To use Secure Hub with MDM+MAM, configure Endpoint Management to use Citrix Gateway for MAM enrollment. For more information, see Citrix Gateway and Endpoint Management.
Endpoint Management supports authentication with an on-premises Citrix Gateway through Citrix Cloud for the following platforms:
- iOS devices
- Android Enterprise devices, for BYOD and fully managed modes
- Android devices that run in the legacy Device Administration mode
Note:
Endpoint Management doesn’t support authentication with an on-premises Citrix Gateway through Citrix Cloud for enrollment invitations. If you send users an enrollment invitation containing an enrollment URL, users authenticate through LDAP instead of an on-premises Citrix Gateway as an identity provider.
Citrix recommends that you enable certificate-based authentication for a full single sign-on experience. If you use LDAP authentication on the Citrix Gateway for MAM registration, end users experience a dual authentication prompt during enrollment. For more information, see Client certificate or certificate plus domain authentication.
Prerequisites
- Citrix Gateway. Citrix recommends that you enable certificate-based authentication for a full single sign-on experience. If you use LDAP authentication on the Citrix Gateway for MAM registration, end-users experience a dual authentication prompt during enrollment. For more information, see Client certificate or certificate plus domain authentication.
- Citrix Cloud account with Citrix Cloud Connector installed for directory services synchronization.
- Secure Hub 20.5.0 and later if Endpoint Management is not Workspace enabled.
- Citrix Workspace app if Endpoint Management is Workspace enabled. For information on enabling Citrix Workspace integration, see Workspace configuration.
You can configure this feature with and without Workspace enabled.
Configuration if Endpoint Management is Workspace enabled
If you integrate Endpoint Management with Citrix Workspace, the general steps to configure authentication with an on-premises Citrix Gateway through Citrix Cloud are:
- Configure Citrix Cloud to use Citrix Gateway as your identity provider.
- Configure Citrix Gateway as the authentication method for Citrix Workspace.
To configure Citrix Cloud to use Citrix Gateway as your identity provider and set up Citrix Gateway as the authentication method for Citrix Workspace, see Connect an on-premises Citrix Gateway as an identity provider to Citrix Cloud.
After you complete the configuration, you can enroll user devices through the Citrix Workspace app.
Configuration if Endpoint Management is not Workspace enabled
If Citrix Workspace isn’t enabled for Endpoint Management, the general steps to configure authentication with an on-premises Citrix Gateway through Citrix Cloud are:
- Configure Citrix Cloud to use Citrix Gateway as your identity provider.
- Configure Citrix identity as the IdP type for Endpoint Management.
Configure Citrix Cloud to use Citrix Gateway as your identity provider
To set up Citrix Gateway authentication in Citrix Cloud, see Connect an on-premises Citrix Gateway as an identity provider to Citrix Cloud.
Configure the Citrix identity provider as the IdP type for Endpoint Management
This configuration applies only to users enrolling through Secure Hub. After you configure Citrix Gateway in Citrix Cloud, configure Endpoint Management as follows.
- In the Endpoint Management console, go to Settings > Identity Provider (IDP) and then click Add.
- On the Identity Provider (IDP) page, configure the following:
  - IDP Name: Type a unique name to identify the IdP connection that you’re creating.
  - IDP Type: Choose Citrix Identity Provider.
  - Authentication Domain: Choose Citrix Gateway. This domain corresponds to your Identity provider domain on the Citrix Cloud Workspace Configuration > Authentication page.
- Click Next. On the IDP Claims Usage page, configure the following:
  - User Identifier type: By default, this field is set to userPrincipalName.
  - User Identifier string: This field is automatically filled.
- Click Next, review the Summary page, and then click Save.
You can now enroll user devices through Secure Hub using an on-premises Citrix Gateway as an identity provider.
Secure Hub authentication flow
Endpoint Management uses the following flow to authenticate users with an on-premises Citrix Gateway as an IdP on devices enrolled through Secure Hub:
- A user starts Secure Hub.
- Secure Hub passes the authentication request to Citrix identity, which passes the request to an on-premises Citrix Gateway.
- The user types their user name and password.
- An on-premises Citrix Gateway validates the user and sends a code to Citrix identity.
- Citrix identity sends the code to Secure Hub, which sends the code to the Endpoint Management server.
- Endpoint Management obtains an ID token by using the code and secret and then validates the user information that’s in the ID token. Endpoint Management returns a session ID.
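The last steps of the flow above (code, secret, ID token, session ID) can be modeled in a few functions. This is an added example, not Citrix code: it plays the identity provider and the server in one process, and the HS256 token format, the claim layout, the issuer URL, the client ID and the secret are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER, CLIENT_ID = "https://idp.example.test", "em-server"  # hypothetical values
CLIENT_SECRET = b"constructed-demo-secret"  # constructed; known to IdP and server
PENDING = {}  # IdP state: one-time code -> userPrincipalName

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(signing_input: str) -> bytes:
    return hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()

def authorize(upn: str) -> str:  # IdP: user authenticated, hand back a code
    code = secrets.token_urlsafe(16)
    PENDING[code] = upn
    return code

def redeem(code: str, client_secret: bytes) -> str:
    """IdP token endpoint: code plus secret in, signed ID token out (assumed format)."""
    if not hmac.compare_digest(client_secret, CLIENT_SECRET):
        raise PermissionError("client authentication failed")
    upn = PENDING.pop(code, None)  # pop, so a replayed code finds nothing
    if upn is None:
        raise PermissionError("unknown or already redeemed code")
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "exp": int(time.time()) + 300,
              "userPrincipalName": upn}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in ({"alg": "HS256"}, claims))
    return f"{signing_input}.{_b64(_mac(signing_input))}"

def validate_id_token(token: str, now=None) -> str:
    """Server-side checks on the ID token; returns the user identifier."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    if not hmac.compare_digest(_mac(f"{head}.{body}"), _unb64(sig)):
        raise ValueError("signature mismatch")
    claims = json.loads(_unb64(body))
    if (claims.get("iss"), claims.get("aud")) != (ISSUER, CLIENT_ID):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not claims.get("userPrincipalName"):
        raise ValueError("missing user identifier")
    return claims["userPrincipalName"]

def enroll(code: str) -> dict:  # server: redeem, validate, then open a session
    upn = validate_id_token(redeem(code, CLIENT_SECRET))
    return {"user": upn, "session_id": secrets.token_urlsafe(32)}
```

The session is created only after the signature, issuer, audience, expiry and user identifier have all been checked, and a code that has already been redeemed is rejected.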