Users and authentication

User authentication methods

Users must authenticate when they log in to Citrix Workspace to start their desktop or apps.

Citrix Virtual Apps and Desktops Standard for Azure supports the following user authentication methods:

  • Managed Azure AD: Managed Azure AD is an Azure Active Directory (AAD) provided and managed by Citrix. You don’t need to provide your own Active Directory structure. Just add your users to the directory.

  • Your identity provider: You can use any available authentication method in Citrix Cloud.


  • Remote PC Access deployments use only Active Directory. For details, see Remote PC Access.

  • If you use Azure AD Domain Services: Workspace logon UPNs must contain the domain name that was specified when enabling Azure AD Domain Services. Logons cannot use UPNs for a custom domain you create, even if that custom domain is designated as primary.
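A pre-flight check for the UPN rule above, as an added example (not Citrix code): it flags users whose UPN suffix differs from the Azure AD Domain Services domain before you add them to a catalog. The domain `aadds.example.com`, the CSV layout and the sample users are constructed, and the check assumes that "contain the domain name" means the UPN suffix equals that domain.

```python
import csv
import io

# Assumption: the domain name specified when Azure AD Domain Services was enabled.
AADDS_DOMAIN = "aadds.example.com"  # constructed placeholder

# Constructed sample user list (name, UPN); not real accounts.
SAMPLE_CSV = """\
name,upn
Ana Ruiz,ana@aadds.example.com
Bo Chen,bo@AADDS.Example.COM
Cy Diaz,cy@custom.example.net
Ed Fox,ed.fox
"""


def upn_suffix(upn):
    """Return the lower-cased part after the last '@', or None if malformed."""
    local, sep, suffix = upn.strip().rpartition("@")
    if not sep or not local or not suffix:
        return None
    return suffix.lower().rstrip(".")


def check_upns(csv_text, aadds_domain):
    """Sort each UPN into ok / wrong_suffix / malformed."""
    want = aadds_domain.lower().rstrip(".")
    report = {"ok": [], "wrong_suffix": [], "malformed": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = (row.get("upn") or "").strip()
        suffix = upn_suffix(upn)
        if suffix is None:
            report["malformed"].append(upn)      # no usable user@domain form
        elif suffix == want:
            report["ok"].append(upn)             # matches the AAD DS domain
        else:
            report["wrong_suffix"].append(upn)   # e.g. a custom domain UPN
    return report


if __name__ == "__main__":
    for status, upns in check_upns(SAMPLE_CSV, AADDS_DOMAIN).items():
        for upn in upns:
            print(f"{status:13} {upn}")
```
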

Setting up user authentication includes the following procedures:

  1. Configure the user authentication method in Citrix Cloud and Workspace Configuration.
  2. If you’re using Managed Azure AD for user authentication, add users to the directory.
  3. Add users to a catalog.

Configure user authentication in Citrix Cloud

To configure user authentication in Citrix Cloud:

  • Connect to the user authentication method you want to use. (In Citrix Cloud, you “connect” or “disconnect” from an authentication method.)
  • In Citrix Cloud, set Workspace authentication to use the connected method.


The Managed Azure AD authentication method is configured by default. That is, it is automatically connected in Citrix Cloud, and Workspace authentication is automatically set to use Managed Azure AD for this service. If you want to use this method (and have not previously configured a different method), continue with Add and delete users in Managed Azure AD.

To change the authentication method:

  1. From the Manage dashboard in the service, click User Access & Authentication on the right.

  2. Click Manage User Access and Authentication. Select the Workspace tab, if it isn’t already selected. (The other tab indicates which user authentication method is currently configured.)

  3. Follow the link To set up authentication methods. That link takes you to Citrix Cloud. Select Connect in the ellipsis menu for the method you want.

  4. While still in Citrix Cloud, select Workspace Configuration in the upper left menu. On the Authentication tab, select the method you want.

What to do next:

Add and delete users in Managed Azure AD

Complete this procedure only if you’re using Managed Azure AD for user authentication to Citrix Workspace.

You provide your users’ names and email addresses. Citrix then emails an invitation to each of them. The email instructs users to click a link that joins them to the Citrix Managed Azure AD.

  • If the user already has a Microsoft account with the email address you provided, that account is used.
  • If the user does not have a Microsoft account with the email address, Microsoft creates an account.

To add and invite users to Managed Azure AD:

  1. From the Manage dashboard in the service, expand User Access & Authentication on the right. Click Manage User Access and Authentication.
  2. Click the Managed Azure AD tab.
  3. Click Invite Users.

  4. Type the name and email address of a user, and then click Add User.

  5. Repeat the preceding step to add other users.
  6. When you’re done adding user information, click Invite Users at the bottom of the card.

To delete a user from Managed Azure AD, click the trash icon next to the name of the user you want to delete from the directory. Confirm the deletion.

What to do next: Add users to the catalog

Add or remove users in a catalog

Complete this procedure regardless of which authentication method you use.

  1. From the Manage dashboard in the service, if you haven’t added any users to a catalog, click Add subscribers.

    To add users to a catalog that already has users, click anywhere in the catalog’s entry.

  2. On the Subscribers tab, click Manage Subscribers.

  3. Select a domain. (If you’re using Managed Azure AD for user authentication, there’s only one entry in the domain field.) Then select a user.

  4. Select other users, as needed. When you’re done, click the X in the upper right corner.

To remove users from a catalog, follow steps 1 and 2. In step 3, click the trash icon next to the name you want to delete (instead of selecting a domain and group/user). This action removes the user from the catalog, not from the source (such as Managed Azure AD or your own AD or AAD).

What to do next:

More information

For more information about authentication in Citrix Cloud, see Identity and access management.
