Extended support for Azure AD Graph

Because the Azure AD Graph is deprecated, customers triggering a new application cannot use the earlier permissions that were available with the Azure AD Graph. However, customers with existing applications who want to keep using the old Azure AD Graph permissions for some more time can do so by making some configuration changes on the gateway appliance. This configuration is supported in Citrix Gateway release 13.1-27.xx and later.

Perform the following configuration changes on the Citrix Gateway appliance:

  1. In the command prompt, run the following command.

    shell -ys call="ns_intune_enable_old_endpoints"

  2. Navigate to Security > AAA-Application Traffic > Policies > Authentication > Advanced Policies > Actions > OAUTH Actions.

    1. Select an existing OAuth server.
    2. Click More.
    3. In Graph Endpoint, ensure that the URL looks like the one displayed in the figure.

    [Figure: Graph endpoint]

