Apps configuration using a template
SaaS apps configuration with single sign-on on Citrix Gateway service is simplified by provisioning a template drop-down menu for popular SaaS apps. The SaaS app to be configured can be selected from the drop-down menu.
The template pre-fills much of the information required for configuring applications. However, the information specific to the customer must still be provided.
Note: The following section has the steps to be performed on Citrix Gateway service for configuring and publishing an app using template. The configuration steps to be performed on the app server is presented in the subsequent section.
Configuring and publishing apps using template - Citrix Gateway service specific configuration
The following configuration takes the Aha app as an example to configure and publish an app using template.
On the Citrix Gateway service tile, click Manage.
Click Add a Web/SaaS app tab below the Single Sign On tile.
Select the app you want to configure using the Choose a Template drop-down and click Next.
Enter the following details in the App Details section and click Save.
Name – Name of the application.
URL –URL with your customer ID. If SSO fails or when Don’t use SSO option is selected, the user is redirected to this URL.
Icon – Click Change to change the app icon. The icon file size must be 128x128 pixels. If you do not change the icon, the default icon is displayed.
In the Enhanced Security section, select Enable enhanced security to choose the security options you would like to apply to the application and click Next.
Important: The Enhanced Security section is available only if you are entitled to Access Control service. For details, see https://www.citrix.com/products/citrix-cloud/.
The following enhanced security options can be enabled for the application.
- Restrict clipboard access: Disables cut/copy/paste operations between the app and system clipboard
- Restrict printing: Disables ability to print from within the Citrix Workspace app browser
- Restrict navigation: Disables the next/back app browser buttons
- Restrict downloads: Disables the user’s ability to download from within the app
- Display watermark: Displays a watermark on the user’s screen displaying username and IP address of the user’s machine
Select Enforce policy on mobile device to enable the aforementioned ehanced security options on your mobile device.
Note: When Enforce Policy on Mobile Device is selected along with Enable enhanced security, the user experience for the application access is negatively impacted for the desktop users and the mobile users.
Enter the following SAML configuration details in the Single Sign On section and click Save.
Assertion URL – SaaS app SAML assertion URL provided by the application vendor. The SAML assertion is sent to this URL.
Relay State – Relay State parameter is used to identify the specific resource the users access after they are signed in and directed to the relying party’s federation server. Relay State generates a single URL for the users. Users can click this URL to log on to the target application.
Audience – Service provider for whom the assertion is intended.
Name ID Format – Supported format type of user.
Name ID – Name of the format type of user.
Note: When Don’t use SSO option is selected, the user is redirected to the URL configured under App Details section.
Download the metadata file by clicking the link under SAML Metadata. Use the downloaded metadata file to configure SSO on the SaaS apps server.
The following screen appears indicating that the app has been added to the Library.
You must also complete the application server specific configuration for configuring and publishing the app using the template. For details on each app server specific configuration, see SaaS app server specific configuration.