Support for Software as a Service apps

Software as a Service (SaaS) is a software distribution model to deliver software remotely as a Web-based service. Commonly used SaaS apps include Salesforce, Workday, Concur, GoToMeeting, and so forth.

SaaS apps can be accessed using Citrix Workspace using Citrix Gateway service. The Citrix Gateway service coupled with Citrix Workspace provides a unified user experience for the configured SaaS apps, configured virtual apps, or any other workspace resources.

SaaS apps delivery using Citrix Gateway service provides you an easy, secure, robust, and scalable solution to manage the apps. SaaS apps delivered on the cloud has the following benefits:

  • Simple configuration – Easy to operate, update, and consume.
  • Single sign-on – Hassle free logon with Single sign-on.
  • Standard template for different apps – Template based configuration of popular apps.  

How SaaS apps work with Citrix Gateway service

  1. Customer admin configures SaaS apps using Citrix Gateway service UI ( The admin then adds subscribers (users) for the apps.
  2. Admin provides the service URL to the users to access Citrix Workspace.
  3. Users subscribed for an app can see the app upon log on to Citrix Workspace.
  4. To launch the app, user clicks on the enumerated SaaS app icon.
  5. SaaS app trusts SAML assertion provided by Citrix Gateway service and the app is launched.

Note: Configured SaaS apps are aggregated along with virtual apps and other resources in Citrix Workspace for a unified user experience.


Ways to configure SaaS apps

SaaS apps can be configured and published in the following two ways:

Configuring and publishing apps manually

The following configuration takes the Splunk app as an example to configure and publish an app manually:

  1. On the Citrix Gateway service tile, click Manage.

  2. Click Add a Web/SaaS app tab below the Single Sign On tile.

  3. Click Skip to configure Splunk app manually.

    localized image

  4. Enter the following details in the App Details section and click Save.

    Name – Name of the application.

    URL –URL with your customer ID. If SSO fails or when Don’t use SSO option is selected, the user is redirected to this URL.

    Icon – Click Change to change the app icon. The icon file size must be 128x128 pixels. If you do not change the icon, the default icon is displayed.

    localized image

  5. In the Enhanced Security section, select Enable enhanced security to choose the security options you would like to apply to the application. The following enhanced security options can be enabled for the application.

    • Restrict clipboard access: Disables cut/copy/paste operations between the app and system clipboard
    • Restrict printing: Disables ability to print from within the Citrix Workspace app browser
    • Restrict navigation: Disables the next/back app browser buttons
    • Restrict downloads: Disables the user’s ability to download from within the app
    • Display watermark: Displays a watermark on the user’s screen displaying username and IP address of the user’s machine

    localized image

    Select Enforce policy on mobile device to enable the aforementioned ehanced security options on your mobile device.

    Note: When Enforce Policy on Mobile Device is selected along with Enable enhanced security, the user experience for the application access is negatively impacted for the desktop users and the mobile users.

  6. Select your preferred single sign-on type to be used for your application and click Save. The following single sign-on types are available.

    localized image

    • Basic – If your back-end server presents you with a basic-401 challenge, choose Basic SSO.
    • Kerberos – If your back-end server presents you with negotiate-401 challenge, choose Kerberos.
    • Form-Based – If your back-end server presents you with an HTML form for authentication, choose Form-Based.
    • Don’t use SSO – Use Don’t use SSO option when you do not need to authenticate user on the backend server.

    Note: You do not need to enter configuration details for the above SSO types except the form based SSO.

    Enter the following Form-based configuration details in the Single Sign On section and click Save.

    • Action URL - Type the URL to which the completed form is submitted.

    • Logon form URL – Type the URL on which the logon form is presented.

    • Username Format - Select a format for the username.

    • Username Form Field – Type a username attribute.

    • Password Form Field – Type a password attribute.

    Note: When Don’t use SSO option is selected, the user is redirected to the URL configured under App details section.

  7. Download the metadata file by clicking the link under SAML Metadata. Use the downloaded metadata file to configure SSO on the SaaS apps server.

    localized image

  8. Click Finish.

    localized image

  9. The following screen appears indicating that the app has been added to the Library.

    localized image

  10. On the Citrix Cloud screen, click View Library tab under Library Offerings. Notice that the newly added app features in your library

    localized image

  11. To assign users for the app, hover your pointer over the ellipses on the right, and click Manage Subscribers.

    localized image

  12. Click Choose a domain drop-down and select a domain. Click Choose a group or user and assign users.

    localized image

    Note: A subscribed user can be unsubscribed by selecting the user and clicking on the delete icon next to Status.

  13. To obtain the Workspace URL to be shared with app users, on Citrix Cloud, click menu icon and navigate to Workspace Configuration.

    localized image

Editing a published app

To edit a published app, perform the following steps:

  1. Go to Library and identify the app to be edited.

  2. Hover your pointer over the ellipses on the right and click Edit.

    localized image

  3. Edit the entries under App Details section and click Save.

    localized image

  4. Edit the entries under Single Sign On section, click Save, and click Finish.

    localized image

  5. The following screen appears indicating that the app has been modified.

    localized image

Deleting a published app

To delete a published app, perform the following steps:

  1. Go to Library and identify the app to be deleted.
  2. Click the dot icon on the right and click Delete.

Launching a configured app – end-user flow

To launch a configured app, perform the following steps:

  1. Logon to Citrix workspace with AD user credentials.
  2. Admin configured app is shown.
  3. Click on the app to launch the app.
  4. The app is launched and the user is signed-in to the app.