Citrix Secure Private Access™

Terminate active user sessions and block end users

Admins can now terminate all active end-user sessions immediately and add the users to the disabled users list. When end users are added to the disabled users list, active application sessions are blocked regardless of the method used to access the applications. The methods can be using the Citrix Enterprise Browser™, direct access, CWA for HTML5, and the Citrix Secure Access agent.

When a user is added to the disabled users list, all resources connected through the Secure Access agent such as file shares, RDP, SSH sessions are blocked. Disabled users cannot launch new applications.

Admins can block the users in the following scenarios.

  • An employee’s credentials are deactivated from the Active Directory. This scenario can occur if an employee quits the organization or is terminated from the organization.

    After the credentials are deactivated, if the user tries to access a Web or a SaaS app, an error message is displayed prompting the user to contact the IT administrator.

  • A user’s access is revoked after being disabled for a certain duration. In such cases, access is granted immediately once the access is revoked.
  • A device is lost or stolen. In such cases, the access is disabled and all current sessions are terminated. The user can be removed from the disabled users list after the current sessions are terminated.

Note:

  • Internet access via Citrix Enterprise Browser or SaaS apps access is allowed even after a user is disabled as the end users can still access them via their native browsers.
  • The blocked users’ list is purged after 7 days.
  • When the users are disabled, only the active app sessions are terminated and the subsequent app access is blocked. However, they are not logged out of Citrix Workspace™ app or the Citrix Secure Access™ client.

Add users to the block list

  1. Navigate to Secure Private Access > Policies > Blocklist.
  2. Click the Users tab.
  3. In Domain, select the domain for which the access must be blocked.
  4. In User, search for the user name. All user names that match the search criteria are displayed.

    If the user is removed from the directory service, then that user name does not appear in the User list.

  5. Select the checkbox corresponding to the user name that you want to disable, and then click Save. A confirmation message appears.
  6. Click Save.

    • The user’s active sessions are terminated immediately.
    • When the disabled user logs off from the Citrix Secure Access client or Citrix Workspace app, the user cannot log in again.
    • If a user has already logged in using the Citrix Secure Access client or Citrix Workspace app, the user cannot enumerate or launch an app.
Terminate active user sessions and block end users