Diagnostic logs for Enterprise Web and SaaS apps access

The Citrix Secure Private Access events are now integrated with Citrix Analytics. Citrix Analytics provides a public endpoint that enables admins to access and download the events. These events can be accessed through a PowerShell script.

Citrix Secure Private Access customers can now access this script and run the script in their environment to view the diagnostic logs. Customers can then use the logs to troubleshoot or debug SaaS/web apps access failures reported by their end users.

Points to note:

  • Presently, there is no user interface to troubleshoot or debug the Enterprise Web/SaaS apps access failure logs. User Interface support is planned for future releases.
  • The PowerShell script can be downloaded from https://citrix.sharefile.com/d-s3096b922f9dd41c38d906c94b818ef26.
  • To run the PowerShell script, you must enter a client ID and Secret in the script.

Following are the steps to create a client ID and Secret using Citrix Cloud user interface.

  1. From the Citrix Cloud menu, select Identity and Access Management.

  2. On the Identity and Access Management tile, select API Access tab.

    IDAM Secure Client

  3. Provide a name for Secure Client and click Create Client.

    IDAM Create Client

  4. Click Download on the following screen to download your ID and Secret.

    IDAM Download ID Secret

To run the PowerShell script and save the diagnostic logs, open a PowerShell tool in your machine and type the following commands.

Set-ExecutionPolicy RemoteSigned

Note: You must set the PowerShell Execution Policy to RemoteSigned or Unrestricted to allow local PowerShell scripts to be run.

For more information about the PowerShell Execution Policy, see the Microsoft PowerShell article about Execution Policies.

To download the diagnostic logs:

  1. Import-Module <location of the locally downloaded PowerShell script>

  2. Get–CitrixSecurePrivateAccessLogs -clientId <> -customer <> -timerange <> -outFile <>

  3. Enter the client secret.

The diagnostic logs get saved in the file specified under the outFile parameter in the previous command.

Parameter description:

  • ClientId – Client ID created and downloaded from Citrix Cloud UI

  • ClienSecret - Client secret created and downloaded from Citrix Cloud UI

  • Customer - ID to be taken from the Citrix Cloud UI -> Identity and Access Management -> API Access

    IDAM customer ID

  • OutFile - Location where you want to save your output log file

Example command:

Get-CitrixSecurePrivateAccessLogs -clientId  "cd720b41-21f2-3232-9cc8-34c90kcm73f2" -customer "j5d24a513k3r" -timeRange  "2022-01-25T00:00:00.000Z,2022-01-30T00:00:00.000Z" -outFile  "C:\diagnosticLogs.csv"

Run Script

Diagnostic logs for Enterprise Web and SaaS apps access

In this article