-
Endpoint Management integration with Microsoft Endpoint Manager
-
Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Authentication with Okta through Citrix Cloud
Endpoint Management supports authentication with Okta credentials for users enrolling through Citrix Secure Hub. Endpoint Management supports authentication with Okta for iOS devices, Android Enterprise devices (Preview), and Android devices that run in the legacy Device Administration mode.
Endpoint Management uses the Citrix Cloud service as the Citrix identity provider (IdP) to federate with Okta.
Note:
Endpoint Management doesn’t support authentication with Okta through Citrix Cloud for enrollment invitations. If you send users an enrollment invitation containing an enrollment URL, users authenticate through LDAP instead of Okta.
For information about setting up authentication with Okta when Endpoint Management is Workspace-enabled, see “Authentication with Okta when Endpoint Management is Workspace-enabled”, in this article.
To set up this service:
- Configure Citrix Cloud to use Okta as your identity provider in Identity & Access Management.
-
Enable Okta as your authentication method under Workspace configuration in Citrix Cloud.
For more information about configuring Okta in Citrix Cloud, see Connect Citrix Cloud to your Okta organization.
Domain-joined users can then use Secure Hub to sign on with their Okta credentials. Secure Hub uses client certificate authentication for MAM devices.
For Endpoint Management local accounts, this method of authentication isn’t available.
Citrix recommends that you use the Citrix identity provider instead of a direct connection to Okta. If you prefer a direct connection with Okta, see https://support.citrix.com/article/CTX225566.
If you use this authentication method, you must use certificate-based authentication for MDM enrollments. Also, when creating enrollment profiles for Android Enterprise, the Allow users to decline device management setting must be turned Off. If users decline device management, they can’t enroll using an identity provider to authenticate. For more information, see Client certificate or certificate plus domain authentication and Enrollment security.
Prerequisites for authentication with Okta
- Citrix Gateway, configured for certificate-based authentication
- Secure Hub 20.5.0 and later
- Okta user credentials
Configure Citrix Cloud to use Okta as your identity provider
To configure Okta in Citrix Cloud, see the Citrix Cloud article Connect Okta as an identity provider to Citrix Cloud.
Configure the Citrix identity provider as the IdP type for Endpoint Management
After you configure Okta in Citrix Cloud, configure Endpoint Management as follows.
-
In the Endpoint Management console, go to Settings > Identity Provider (IdP) and then click Add.
-
In the Identity Provider (IdP) page, configure the following:
- IdP Name: Type a unique name to identify the IdP connection that you are creating.
- IdP Type: Choose Citrix Identity Platform.
- Authentication Domain: Select the authentication domain as listed in the menu. This domain is the same authentication domain as configured under Identity and Access Management > Authentication for Citrix Workspace Configuration in Citrix Cloud.
-
Click Next. In the IdP Claims Usage page, configure the following:
- User Identifier type: This field is set to userPrincipalName or Email.
- User Identifier string: This field is automatically filled.
-
Click Next, review the Summary page, and then click Save.
Secure Hub users can now sign in with their Okta credentials.
Secure Hub authentication flow
With Endpoint Management configured to use the Citrix identity provider as its IdP, the Secure Hub authentication flow is as follows for a device enrolled through Secure Hub:
- A user starts Secure Hub.
- Secure Hub passes the authentication request to the Citrix identity provider, which passes the request to Okta.
- The user types their user name and password.
- Okta validates the user and sends a code to the Citrix identity provider.
- The Citrix identity provider sends the code to Secure Hub, which sends the code to the Endpoint Management server.
- Endpoint Management obtains an ID token by using the code and secret, and then validates the user information that’s in the ID token. Endpoint Management returns a session ID.
Authentication with Okta when Endpoint Management is Workspace-enabled
Endpoint Management uses the Citrix Cloud service, Citrix identity provider, to federate with Okta.
To set up this service, configure Citrix Cloud to use Okta as your identity provider in Identity & Access Management. Also, enable Okta as your authentication method under Workspace configuration in Citrix Cloud. Users can then use the Citrix Workspace app and Secure Hub to log in with their Okta credentials. Secure Hub uses client certificate authentication for MAM devices. For more information about configuring Okta in Citrix Cloud, see Connect Citrix Cloud to your Okta organization.
Citrix recommends that you use Citrix identity provider instead of a direct connection to Okta. If you prefer a direct connection with Okta, see https://support.citrix.com/article/CTX225566.
Prerequisites for authentication with Okta
- Contact Citrix Support to enable authentication with Okta for your site
- Citrix Endpoint Management integration with Citrix Workspace
- Citrix Gateway configured for certificate-based authentication
- Secure Hub 19.11.5 (minimum version)
- Okta user credentials
For more information on enabling Workspace integration, see Workspace configuration.
Thank you for the feedback
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.