Integrate Citrix DaaS
Deploy the Citrix DaaS (CVADs) integration to add microapps that help people perform self-service actions from Citrix Workspace. Users can check the status of their associated machines and sessions, and perform operations such as restart, disconnect, and log off. Admins can also turn on maintenance mode for machines with an Administrator Mode microapp
A short 98-second Tech Insight video showing the functionality:
- Create a Secure Client, which is used by the integration to communicate with the CVAD service APIs
- Choose an appropriate API proxy location for the Token URL
- Collect required information that must be filled in to the integration configuration
- Add the CVAD service integration, and configure it
- Subscribe people to the microapps, so that they can be used
To set up this integration, you must have Citrix Workspace, Microapps, and Citrix DaaS enabled in Citrix Cloud.
This integration template supports on-premises and cloud VDAs if you use Citrix DaaS for brokering.
This integration does not support VDAs brokered from on-premises CVAD, because on-premises CVAD does not have public APIs available, and this integration relies on the CVAD Service Public APIs.
These are the values that you enter when configuring the CVAD service integration in Citrix Workspace Microapps:
- Customer ID: The customer ID used when calling the CVAD service APIs. Your customer ID is found in Citrix Cloud on the Secure Clients page.
- Token URL: Defaults to the US API Proxy URL. See API Proxy for other regional API Proxy URLs.
- Client ID: The clientID created on the Citrix Cloud Identity and Access Management website. This is required to obtain the bearer token needed for authentication to the CVAD service APIs. See Generate Client ID and Client Secret.
- Client Secret: The secret key created on the Citrix Cloud Identity and Access Management website. This is required to obtain the bearer token needed for authentication to the CVAD service APIs.
Permissions for the Client ID and Secret (Secure Client)
When creating the Secure Client from Identity and Access Management, the account you are logged in with when generating the Secure Client must have the following Citrix DaaS permissions:
- Read-only Administrator, All - To pull data from Citrix DaaS.
- Session Administrator, All - To perform log off and restart actions.
- Help Desk Administrator, All - To enable and disable maintenance mode.
The Secure Client credentials inherit the permissions of the logged in user. If the permissions of the user that was logged in when the Secure Client was created change, then those new permissions apply to the Integration, too.
Generate Client ID and Client Secret (Secure Client)
A Client ID and Client Secret (Secure Client) are required to obtain the bearer token to authenticate to and use the CVAD service APIs.
Create a Secure Client from the Citrix Cloud Identity and Access Management page and store the client ID and client Secret securely, as the Client ID and Client Secret are needed when configuring the integration.
The Secure Client Name helps to quickly identify what the Client is used for. For this Integration a name like “DaaS integration microapps” may be suitable. The name is not needed to configure the CVAD service integration.
A client ID is some numbers and letters, separated by hyphens. For example:
A client Secret looks similar to this:
A step-by-step guide to creating a Secure Client can be followed from the CVAD migration guide here: Generate the customer ID, client ID, and secret key.
Choose an API Proxy
Citrix provides API proxies in multiple regions. Choose a proxy closest to the region that your Citrix Cloud instance resides in:
The integration configuration defaults to US. Copy and paste another region’s URL into the Token URL field if needed.
Gather configuration data to be entered
When configuring the integration you will need the following information:
- The Customer ID of the Citrix Cloud instance
- The Client ID and Client Secret generated when the Secure Client was created
- The API proxy URL to enter in the Token URL field, if it differs from the default US proxy
Add the integration
Add the Citrix DaaS integration to Citrix Workspace Microapps.
This delivers out-of-the-box microapps with pre-configured notifications and actions which are ready to use within your Workspace after Subscribing users or groups to them
Follow these steps:
- From the Microapp Integrations page, select Add New Integration, and Add a new integration from Citrix-provided templates.
- Choose the Citrix DaaS tile.
- Click Add
From the Configuration page:
Enter your Customer ID in the Customer ID field. To find your customer ID, see Generating the customer ID.
- Confirm the Token URL field is the desired API Proxy URL collected earlier. This value is prefilled with the US API Proxy.
- In the Token URL field replace with your customer ID. For example, if the customer ID was acmecorp, the URL would look like:
- Enter your Client ID, generated when the Secure Client was created
Enter your Client secret. The client secret is the unique string issued with the Client ID when creating the Secure Client.
- Select Save to proceed.
The microapps service will now synchronize with the CVAD service APIs, and load data. For complete information about synchronization, see Synchronize data.
Subscribe Groups or Users to the Microapps
After configuring the Integration, people must be Subscribed to the microapps to see them in Workspace. Find out how to assign Subscribers
Who you subscribe to each microapp depends on your needs. However, as a general guide:
- Subscribe all users who use Virtual Apps or Desktops to the My Sessions and My Desktops microapps
- Subscribe CVAD administrators to the Virtual Desktops (Admin Mode) microapp
Use DaaS microapps
The Citrix DaaS integration comes with out-of-the-box microapps. Start with these microapps and customize them for your needs.
My Desktops: Search for your Citrix Virtual Desktops, and perform self-service actions from Citrix Workspace such as restarting.
|Notification or Page||Use-case workflows|
|Virtual Desktop Detail page||Provides a page with desktop details, and options to Restart Desktop and Force Restart Desktop.|
|Virtual Desktops page||Provides a searchable list of Citrix Virtual Desktops associated with the user, with a link to the Virtual Desktop Detail page.|
My Sessions: Search for your Citrix Virtual sessions, and perform self-service actions from Citrix Workspace such as logging off and disconnecting.
|Notification or Page||Use-case workflows|
|List of Sessions page||Provides a searchable list of Virtual Desktop sessions associated with the user, with a link to the Session Detail page.|
|Session Detail page||Provides a page with Virtual Desktop session and machine details, and options to Log Off Session and Disconnect Session.|
Virtual Desktops (Admin Mode): Enables from Citrix Workspace CVAD Administrators to lookup machines, view their details, put machines into maintenance mode, and restart the machines.
|Notification or Page||Use-case workflows|
|A Machine in a Fault State notification||When there’s a new record of a machine reporting a faulty state, all subscribers receive a notification that links to the Virtual Desktop Detail page.|
|List of Virtual Desktops page||Provides a searchable list of Citrix Virtual Desktops with a link to the Virtual Desktop Detail page. You can search by machine or user.|
|Virtual Desktop Detail page||Provides a page with desktop details, and options to Restart Desktop, Force Restart Desktop, Enable Maintenance Mode, and Disable Maintenance Mode.|
Upgrade your integration
If you are already using the Citrix Virtual Apps and Desktops integration, use this process to upgrade to the latest version. With this process you avoid having to resubscribe all your users.
- Site ID is obtained automatically.
- All machines are displayed - Not limited to faulty machines.
- Incremental synchronization runs faster. Synchronization does not delete Deleted Sessions. Also, synchronization does not update Machines, rather only Sessions.
- Added updates after actions that delete Sessions after logging off, updates Sessions after disconnecting, and sets restarting state for Machines.
- Added option to update information for details on Machines and Sessions so that users can ensure that what’s seen is the same as in Citrix DaaS.
Follow these steps:
- Download and add this script into the Scripting tab of your old Citrix DaaS integration.
- From the integration configuration screen of the integration, select Scripting from the left-hand navigation.
- Download this script: Upgrade Citrix-Virtual-Apps-and-Desktops-service
- Select Upload script. Alternatively, you can input your script directly into the text area by selecting Edit.
- Drag your script onto the import pop-up. Select Import.
- Add the new Citrix DaaS integration from the catalog of Citrix-provided templates, but do not configure the integration.
- After adding the integrations, export each microapp individually. For each microapp, select the menu next to the microapp and select Export. Perform this procedure for all three microapps.
- In the old integration (that is the integration you are currently using), import the files you exported.
- Select the menu next to the microapp and select Import new version.
- Drag or browse your computer to add the files, each for the corresponding microapp.
- Enable the Delete existing feed cards toggle to replace the original microapp.
- Select Import at the bottom of the screen.
- Delete all data endpoints except the scripted endpoints.
- Select Edit next to the integration.
- On the Data loading page select the menu next to an integration that is not scripted, select Delete, and confirm.
- Update the integration configuration. Specifically, the Base URL, Customer ID, and Header prefix according to the instructions in Add the integration. Remember to select Save to complete the procedure
You upgraded the Citrix Virtual Apps and Desktops integration.
How the Integration works
The CVAD service integration uses the Citrix Virtual Apps and Desktops REST APIs and a Citrix Cloud Client ID and Secret (referred to as a Secure Client) to function.
Bearer token refresh requirements from the CVAD service APIs are handled by a Citrix-provided API Proxy. The API proxy uses the Client ID and Secret to refresh the bearer token automatically and uses the token to authenticate to the CVAD service APIs when microapp actions are performed or data is synchronized.
The microapps service - part of Citrix Workspace - synchronizes data from the CVAD service APIs, using the bearer token from the API Proxy.
The synchronized data is then presented in Workspace through microapps, and allows users of Workspace to perform actions on CVAD service Sessions and Machines, in addition to showing information to the user about their sessions and machines - all from Workspace.
Further reading and viewing
Citrix Tech Zone Live session covering the CVAD service integration - covering the origins of the microapps, what they do, how they work, and a demo (~16 minutes): Tools needed for users to self-service their VDI sessions
For more details of CVAD service API endpoints and table entities, see Citrix DaaS connector specifications.
In this article
- Deployment steps
- Review prerequisites
- Permissions for the Client ID and Secret (Secure Client)
- Generate Client ID and Client Secret (Secure Client)
- Choose an API Proxy
- Gather configuration data to be entered
- Add the integration
- Subscribe Groups or Users to the Microapps
- Use DaaS microapps
- Upgrade your integration
- How the Integration works
- Further reading and viewing