Apps configuration using a template
SaaS apps configuration with single sign-on on Citrix Gateway service is simplified by provisioning a template drop-down menu for popular SaaS apps. The SaaS app to be configured can be selected from the drop-down menu.
The template pre-fills much of the information required for configuring applications. However, the information specific to the customer must still be provided.
Note: The following section has the steps to be performed on Citrix Gateway service for configuring and publishing an app using template. The configuration steps to be performed on the app server is presented in the subsequent section.
Configuring and publishing apps using template - Citrix Gateway service specific configuration
The following configuration takes the Aha app as an example to configure and publish an app using template.
On the Citrix Gateway service tile, click Manage.
Click Add a Web/SaaS app tab below the Single Sign On tile.
Select the app you want to configure using the Choose a Template list and click Next.
Enter the following details in the App Details section and click Save.
Name – Name of the application.
URL – URL with your customer ID. If SSO fails or when Don’t use SSO option is selected, the user is redirected to this URL.
Customer domain name and Customer domain ID - Customer domain name and ID are used to create app URL and other subsequent URLs in SAML SSO page.
For example, if you are adding a Salesforce app, your domain name is salesforceformyorg and ID is 123754, then the app URL is
Customer domain name and Customer ID fields are specific to certain apps.
Related Domains – Related domain is auto-populated based on the URL that you have provided. Related domain helps the service to identify the URL as part of the app and route traffic accordingly. You can add more than one related domain.
Icon – Click Change icon to change the app icon. The icon file size must be 128x128 pixels. If you do not change the icon, the default icon is displayed.
In the Enhanced Security section, select Enable enhanced security to choose the security options you would like to apply to the application and click Next.
Important: The Enhanced Security section is available only if you are entitled to Access Control service. For details, see https://www.citrix.com/products/citrix-cloud/.
The following enhanced security options can be enabled for the application.
- Restrict clipboard access: Disables cut/copy/paste operations between the app and system clipboard
- Restrict printing: Disables ability to print from within the Citrix Workspace app browser
- Restrict navigation: Disables the next/back app browser buttons
- Restrict downloads: Disables the user’s ability to download from within the app
- Display watermark: Displays a watermark on the user’s screen displaying user name and IP address of the user’s machine
Select Enforce policy on mobile device to enable the previously mentioned enhanced security options on your mobile device.
Note: When Enforce Policy on Mobile Device is selected along with Enable enhanced security, the user experience for the application access is negatively impacted for the desktop users and the mobile users.
Enter the following SAML configuration details in the Single Sign On section and click Save.
Assertion URL – SaaS app SAML assertion URL provided by the application vendor. The SAML assertion is sent to this URL.
Relay State – Relay State parameter is used to identify the specific resource the users access after they are signed in and directed to the relying party’s federation server. Relay State generates a single URL for the users. Users can click this URL to log on to the target application.
Audience – Service provider for whom the assertion is intended.
Name ID Format – Supported format type of user.
Name ID – Name of the format type of user.
Note: When Don’t use SSO option is selected, the user is redirected to the URL configured under App Details section.
Download the metadata file by clicking the link under SAML Metadata. Use the downloaded metadata file to configure SSO on the SaaS apps server.
- You can copy the SSO login URL under Login URL and use this URL when configuring SSO on the SaaS apps server.
- You can also download the certificate from the Certificate list and use the certificate when configuring SSO on the SaaS apps server.
The following screen appears indicating that the app has been added to the Library.
You must also perform the application server specific configuration for configuring and publishing the app using the template. For details on each app server specific configuration, see SaaS app server specific configuration.