Users and authentication
User authentication methods
Users must authenticate when they log in to Citrix Workspace to start their desktop or apps.
Citrix Managed Desktops supports the following user authentication methods:
Managed Azure AD: Managed Azure AD is an Azure Active Directory (AAD) provided and managed by Citrix. You don’t need to provide your own Active Directory structure. Just add your users to the directory.
Managed Azure AD is used for test or pilot deployments.
Your Active Directory: If you use your own Azure subscription for catalogs and images, you can use any available authentication method in Citrix Cloud.
Setting up user authentication includes the following procedures:
- Configure the user authentication method in Citrix Cloud and Workspace Configuration.
- If you’re using Managed Azure AD for user authentication, add users to the directory.
- Add users to a catalog.
Configure user authentication in Citrix Cloud
To configure user authentication in Citrix Cloud:
- Connect to the user authentication method you want to use. (In Citrix Cloud, you “connect” or “disconnect” from an authentication method.)
- In Citrix Cloud, set Workspace authentication to use the connected method.
The Managed Azure AD authentication method is configured by default. That is, it is automatically connected in Citrix Cloud, and Workspace authentication is automatically set to use Managed Azure AD for this service. If you want to use this method (and have not previously configured a different method), continue with Add and delete users in Managed Azure AD.
To change the authentication method:
From the Manage dashboard, click User Access & Authentication on the right.
Click Manage User Access and Authentication. Select the Workspace tab, if it isn’t already selected. (The other tab indicates which user authentication method is currently configured.)
Follow the link To set up authentication methods. That link takes you to Citrix Cloud. Select Connect in the ellipsis menu for the method you want.
While still in Citrix Cloud, select Workspace Configuration in the upper left menu. On the Authentication tab, select the method you want.
What to do next:
- If you’re using Managed Azure AD, add users to the directory.
- For all authentication methods, add users to the catalog.
Add and delete users in Managed Azure AD
This task applies only if you’re using Managed Azure AD for user authentication to Citrix Workspace.
You provide your users’ name and email addresses. Citrix then emails an invitation to each of them. The email instructs users to click a link that joins them to the Citrix-managed Azure AD.
- If the user already has a Microsoft account with the email address you provided, that account is used.
- If the user does not have a Microsoft account with the email address, Microsoft creates an account.
To add and invite users to Managed Azure AD:
- From the Manage dashboard, expand User Access & Authentication on the right. Click Manage User Access and Authentication.
- Click the Managed Azure AD tab.
Click Invite Users.
Type the name and email address of a user, and then click Add User.
- Repeat the preceding step to add other users.
- When you’re done adding user information, click Invite Users at the bottom of the card.
To delete a user from Managed Azure AD, click the trash icon next to the name of the user you want to delete from the directory. Confirm the deletion.
What to do next: Add users to the catalog
Add or remove users in a catalog
This procedure applies regardless of which authentication method you use.
From the Manage dashboard, if you haven’t added any users to a catalog, click Add subscribers.
To add users to a catalog that already has users, click anywhere in the catalog’s entry.
On the Subscribers tab, click Manage Subscribers.
Select a domain. (If you’re using Managed Azure AD for user authentication, there’s only one entry in the domain field.) Then select a user.
Select other users, as needed. When you’re done, click the X in the upper right corner.
To remove users from a catalog, follow steps 1 and 2. In step 3, click the trash icon next to the name you want to delete (instead of selecting a domain and group/user). This action removes the user from the catalog, not from the source (such as Managed Azure AD or your own AD or AAD).
What to do next:
- When you finish preparing a static or random catalog, send the Citrix Workspace URL to your users. On the Manage dashboard, the URL is on the right in User Access & Authentication.
- For a multi-session catalog, add applications (if you haven’t already) and then send the Citrix Workspace URL to your users.
For more information about authentication in Citrix Cloud, see Identity and access management.