Integration with Google Chrome Enterprise Premium
Solution overview
Citrix customers can leverage the world’s most popular and secure web browser, Chrome with a familiar experience to natively access authorized corporate web applications. Citrix Secure Private Access enforces per application least privilege access based on admin-defined policies that are centrally managed through the Secure Private Access console. Administrators can easily configure enterprise application domains and zero trust access policies on the Secure Private Access console. They can model policies to validate and test security outcomes and deliver the right level of user access and end-user experience.
The benefit of this integration is to provide agentless access from the Chrome browser to private web and SaaS applications by automated traffic steering through Citrix Secure Private Access infrastructure. When users access applications through Chrome, the system automatically sends their traffic to Citrix Secure Private Access via the Google Secure Gateway. This ensures secure and controlled network access without needing to install extra software on user devices. It also simplifies the deployment, reduces IT management, improves the user experience, and streamlines IT operations.
The integrated solution includes the following components:
-
Google Chrome Enterprise Premium (CEP), which includes features such as data loss prevention (DLP), malware and phishing protection, URL filtering, and Google administration console.
- The Google Chrome browser running locally on the client machine acts as a secure browser with per user level policy enforcement via Chrome managed profiles.
- The Google Chrome Enterprise Premium console accessed via the Google Cloud portal provides the administration, management, and monitoring console for the Chrome Enterprise Premium security policies.
- Citrix Secure Private Access, which includes access to the cloud infrastructure, ZTNA policy engine, and Connector Appliances deployed in the customer environment.
- Citrix console including the Secure Private Access console for zero-trust access policies to private applications and Citrix Monitor for monitoring and troubleshooting.
The Citrix Secure Private Access service enforces all the access policies configured by the administrator, ensuring that users are only granted access to specific web applications.
Chrome Enterprise Premium advanced security features
The following are some of the advanced security features offered by Chrome Enterprise Premium:
- Data loss prevention (DLP): Implement granular controls and policies to prevent sensitive data from being leaked or accidentally shared.
- Malware deep scanning: Use advanced scanning techniques to detect and quarantine unknown or high-risk files, preventing the execution of malicious code and protecting against zero-day attacks.
- Phishing protection: Safeguard users from visiting harmful websites by identifying and blocking phishing attempts, preventing the theft of login credentials and personal information.
- URL categorization and filtering: Restrict access to websites based on their content category, preventing users from accessing inappropriate or malicious content.
- Web usage insights and analytics: Provide detailed reports and analytics on web traffic, allowing administrators to monitor user activity, identify potential security threats, and optimize network bandwidth.
For more information, see Chrome Enterprise Premium overview.
Prerequisites for successful integration
To ensure optimal integration between the Citrix Workspace™ application and Chrome Enterprise Premium, the following prerequisites must be met. Successful completion of these prerequisites results in a more efficient and seamless experience when launching applications from the Citrix Workspace app or the web-based user interface.
The prerequisites are broadly classified into the following categories.
- Licenses, app versions, and extensions
- Google Admin console
- Secure Private Access service
- Chrome browser
- Synchronize user directory configured in Citrix Workspace with the Google Cloud user directory
Citrix Secure Private Access - Supported deployment modes
The integrated solution supports the following deployment modes from Citrix Secure Private Access:
- Citrix Secure Private Access service: In this deployment mode, all components, including the control plane and gateway infrastructure, are hosted in Citrix Cloud. For more information, see Citrix Secure Private Access.
- Citrix Secure Private Access hybrid deployment: This deployment allows customers to implement a Zero Trust Network Access (ZTNA) solution using on-premises StoreFront and NetScaler Gateway components and use Citrix Cloud for managing the configuration, administration, and monitoring functions. This means customers can leverage existing NetScaler Gateway on-premises to control user traffic routing while using Citrix Cloud hosted UI for management of configurations and policies and also use Citrix Monitor hosted in the Citrix Cloud for monitoring and troubleshooting functions. For more information, see Citrix Secure Private Access hybrid deployment.
Recommendations for current Secure Private Access / Citrix Enterprise Browser customers with a production tenant
We recommend that current production customers test the agentless access release in a separate tenant rather than their production tenant. A product update planned for late November 2025 will include enhancements to allow existing Secure Private Access customers to onboard the agentless access functionality while retaining their existing app configurations and access policies. The November 2025 release will also provide a user interface that allows existing Secure Private Access customers to migrate their app launches for current web and SaaS apps (currently launched via Citrix Enterprise Browser) to launch in the Chrome browser.
Customers who prefer to use this release prior to the November 2025 update must reset their existing Secure Private Access tenants to a clean state and then onboard the customers again to Secure Private Access service. Perform the following steps:
- Delete all access policies, apps, and related domains in the Secure Private Access console.
- Return to the Secure Private Access tile on the Citrix Cloud console.
- Select Fully Cloud-delivered Service architecture and then click Continue. For details, see Secure Private Access onboarding and set up.
Legal
Chrome Enterprise Premium is provided by Google LLC and your use is subject to Google’s Acceptable Use Policy and Service Specific Terms.