Configure O365

Within the App Details section, enter the following details:

  • Location = Outside my corporate network

  • Name = Office 365

  • URL =

  • Related Domains: *

  • Description = (default)


Within the Single Sign On section, enter the following details:

  • Sign assertion = Assertion

  • Assertion URL =

  • Relay State =

  • Audience = urn:federation:MicrosoftOnline

  • Name ID Format = Persistent

  • Name ID = Active Directory GUID

  • Advanced Attributes: URI

    Attribute Name: IDPEmail

    Attribute Format: Unspecified

    Attribute Value: Email


  • The Login URL on this page is used as “$uri” in domain federation.
  • The EntityID in the SAML Metadata (xml file) is used as “$IssuerUri” in domain federation.


O365 SaaS Application Federation to Citrix Gateway

PowerShell commands to configure FEDERATED mode on Microsoft Cloud:

The Microsoft MSOnline module must be installed:

  • PS> Install-Module AzureAD -Force

  • PS> Import-Module AzureAD -Force

  • PS> Install-Module MSOnline -Force

  • PS> Import-Module MSOnline -Force

  • PS> Connect-MsolService

Note: A Microsoft Cloud Account must be used to connect to msolservice. For example,

Configure the Federation settings unique to the Citrix Gateway Customer subscription:

  • PS> $dom = ""

Note: The namespace is the user authentication domain.

  • PS> $IssuerUri = "[customerID]"

  • PS> $fedBrandName = "WORKSPACESECURITY"

  • PS> $logoffuri = ""

  • PS> $uri = "[customerID]/saml/login?APPID=[AppID]"


  • The customerID can be found in:

    • Citrix Cloud > Identity and Access Management > API Access.
    • Citrix Cloud > Citrix Gateway Service > Add a Web/SaaSApp > Single sign on > SAML Metadata file > EntityID.
  • $uri can be copied from Citrix Gateway Service > Add a Web/SaaSApp > Single sign on > Login URL or from SAML Metadata > Location.

Supply the SAML IdP certificate from Citrix Gateway:

  • PS> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\cert\saml_idp.crt")
  • PS> $certData = [system.convert]::tobase64string($cert.rawdata)

Execute the PS string to complete the Federation to Citrix Gateway:

  • PS> Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $fedBrandName -Authentication Federated -PassiveLogOnUri $uri -LogOffUri $logoffuri -SigningCertificate $certData -IssuerUri $IssuerUri -PreferredAuthenticationProtocol SAMLP

Validate that the domain federation settings are complete:

Get-MsolDomainFederationSettings -DomainName <String>
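
One way to script this validation, as an added example that is not code from Citrix or Microsoft: it compares what the tenant reports with the values set above and confirms that the trusted signing certificate is the one exported from Citrix Gateway. Test-FederationSettings is a hypothetical helper name, the 30-day expiry window is an assumption, and $dom, $uri, $logoffuri, $IssuerUri, $fedBrandName and $cert are the variables from the preceding steps.

```powershell
# Added example. Test-FederationSettings is a hypothetical helper, not part of MSOnline.
function Test-FederationSettings {
    param(
        [Parameter(Mandatory)] $Actual,                # output of Get-MsolDomainFederationSettings
        [Parameter(Mandatory)] [hashtable] $Expected,  # property name -> value that was set
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [int] $MinDaysValid = 30                       # assumed renewal window
    )
    $findings = @()
    # 1. Every value set earlier must be what the tenant now reports.
    foreach ($name in $Expected.Keys) {
        if ("$($Actual.$name)" -ne "$($Expected[$name])") {
            $findings += "$name mismatch: tenant='$($Actual.$name)' expected='$($Expected[$name])'"
        }
    }
    # 2. Sign-in and sign-out endpoints should be TLS-protected.
    foreach ($name in 'PassiveLogOnUri', 'LogOffUri') {
        if ("$($Actual.$name)" -notmatch '^https://') { $findings += "$name is not an https:// URL" }
    }
    # 3. The tenant must trust exactly the certificate exported from Citrix Gateway.
    try {
        $raw = [Convert]::FromBase64String($Actual.SigningCertificate)
        $tenantCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
        if ($tenantCert.Thumbprint -ne $Cert.Thumbprint) {
            $findings += "SigningCertificate thumbprint $($tenantCert.Thumbprint) differs from local $($Cert.Thumbprint)"
        }
        if ($tenantCert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
            $findings += "SigningCertificate expires $($tenantCert.NotAfter.ToString('u'))"
        }
    } catch {
        $findings += "SigningCertificate could not be parsed: $($_.Exception.Message)"
    }
    # 4. The .crt file supplied for federation should carry the public key only.
    if ($Cert.HasPrivateKey) { $findings += 'Local certificate file contains a private key' }
    return $findings
}

# Expected values are the variables defined in the steps above.
$expected = @{
    IssuerUri = $IssuerUri; PassiveLogOnUri = $uri; LogOffUri = $logoffuri
    FederationBrandName = $fedBrandName; PreferredAuthenticationProtocol = 'SAMLP'
}
$findings = Test-FederationSettings -Actual (Get-MsolDomainFederationSettings -DomainName $dom) -Expected $expected -Cert $cert
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Federation settings match.' }
```

Run it in the same session that executed Connect-MsolService; an empty result means the tenant's settings and signing certificate match the local values.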

Office 365 Suite Applications

  • Outlook

  • OneDrive for Business https://[customerid]

  • Word

  • Excel

  • PowerPoint

  • OneNote

  • SharePoint https://[customerid]

  • Teams

  • Yammer

  • Dynamics 365 https://[customerid]

  • Flow

Azure PowerShell Module Reference

Azure PowerShell Command Reference

Deploy Office 365 Directory Synchronization in Microsoft Azure