Citrix DaaS

Users and authentication in Quick Deploy

User authentication methods

Users must authenticate when they log in to Citrix Workspace to start their desktop or apps.

Quick Deploy supports the following user authentication methods:

  • Managed Azure AD: Managed Azure AD is an Azure Active Directory (AAD) provided and managed by Citrix. You don’t need to provide your own Active Directory structure. Just add your users to the directory.

  • Your identity provider: You can use any available authentication method in Citrix Cloud.

Note:

  • Remote PC Access deployments use only Active Directory. For details, see Remote PC Access.

  • If you use Azure AD Domain Services: Workspace logon UPNs must contain the domain name that was specified when enabling Azure AD Domain Services. Logons cannot use UPNs for a custom domain you create, even if that custom domain is designated as primary.

Setting up user authentication includes the following procedures:

  1. Configure the user authentication method in Citrix Cloud and Workspace Configuration.
  2. If you’re using Managed Azure AD for user authentication, add users to the directory.
  3. Add users to a catalog.

Configure user authentication in Citrix Cloud

To configure user authentication in Citrix Cloud:

  • Connect to the user authentication method you want to use. (In Citrix Cloud, you “connect” or “disconnect” from an authentication method.)
  • In Citrix Cloud, set Workspace authentication to use the connected method.

Note:

The Managed Azure AD authentication method is configured by default. That is, it is automatically connected in Citrix Cloud, and Workspace authentication is automatically set to use Managed Azure AD for Citrix DaaS (formerly Citrix Virtual Apps and Desktops service). If you want to use this method (and have not previously configured a different method), continue with Add and delete users in Managed Azure AD. If the Managed Azure AD is disconnected, the Workspace authentication will be switched to Active Directory. If you want to use a different authentication method follow the steps below.

To change the authentication method:

  1. From Manage > Quick Deploy, select User Access & Authentication on the right.

    User Access and Authentication display in Manage dashboard

  2. Select Manage User Access and Authentication. Select the Workspace tab, if it isn’t already selected. (The other tab indicates which user authentication method is currently configured.)

    Links to changing workspace authentication

  3. Follow the link To set up authentication methods. That link takes you to Citrix Cloud. Select Connect in the ellipsis menu for the method you want.

  4. While still in Citrix Cloud, select Workspace Configuration in the upper left menu. On the Authentication tab, select the method you want.

What to do next:

Add and delete users in Managed Azure AD

Complete this procedure only if you’re using Managed Azure AD for user authentication to Citrix Workspace.

You provide your users’ name and email addresses. Citrix then emails an invitation to each of them. The email instructs users to select a link that joins them to the Citrix Managed Azure AD.

  • If the user already has a Microsoft account with the email address you provided, that account is used.
  • If the user does not have a Microsoft account with the email address, Microsoft creates an account.

To add and invite users to Managed Azure AD:

  1. From Manage > Quick Deploy, expand User Access & Authentication on the right. Select Manage User Access and Authentication.
  2. Select the Managed Azure AD tab.
  3. Select Invite Users.

    Request to add user to Managed Azure AD

  4. Type the name and email address of a user, and then select Add User.

    Add user info to Managed Azure AD

  5. Repeat the preceding step to add other users.
  6. When you’re done adding user information, select Invite Users at the bottom of the card.

To delete a user from Managed Azure AD, select the trash icon next to the name of the user you want to delete from the directory. Confirm the deletion.

What to do next: Add users to the catalog

Add or remove users in a catalog

Complete this procedure regardless of which authentication method you use.

  1. From Manage > Quick Deploy, if you haven’t added any users to a catalog, select Add subscribers.

    Request to add users to catalog

    To add users to a catalog that already has users, click anywhere in the catalog’s entry.

  2. On the Subscribers tab, select Manage Subscribers.

    Manage Subscribers dialog box

  3. Select a domain. (If you’re using Managed Azure AD for user authentication, there’s only one entry in the domain field.) Then select a user.

    Add users to catalog

  4. Select other users, as needed. When you’re done, select the X in the upper right corner.

To remove users from a catalog, follow steps 1 and 2. In step 3, select the trash icon next to the name you want to delete (instead of selecting a domain and group/user). This action removes the user from the catalog, not from the source (such as Managed Azure AD or your own AD or AAD).

What to do next:

More information

For more information about authentication in Citrix Cloud, see Identity and access management.

Users and authentication in Quick Deploy