Manage Citrix Cloud Japan administrators
Administrators are managed from the Citrix Cloud Japan console. Depending on the identity provider you use to authenticate administrators, you can add administrators individually or using groups.
By default, new administrators have Full Access permissions to all functions in the Citrix Cloud Japan account. See Configure administrator permissions in this article to learn how to delegate account administration.
Add new administrators
Citrix Cloud Japan supports the following identity providers for authenticating administrators:
- Citrix identity provider: The default identity provider in Citrix Cloud. Supports adding individual administrators only.
- Azure AD: Supports adding administrators individually and through Azure AD groups. Administrators in Azure AD groups are limited to accessing Citrix DaaS only. For more information, see Manage administrator groups.
- SAML 2.0: Supports adding administrators through AD groups only. Administrators in AD groups are limited to managing Citrix DaaS only. For more information, see Connect SAML as an identity provider to Citrix Cloud Japan.
Adding new administrators uses the following workflow:
- Select the identity provider that you want to use for authenticating administrators.
- Depending on the identity provider, invite individual administrators or select the groups that the administrators belong to.
- Specify the access permissions that align with the administrators’ roles in your organization. For more information, see Configure administrator permissions in this article.
Invite individual administrators
Adding individual administrators involves inviting them to join your Citrix Cloud Japan account. When you add an administrator, Citrix sends them an invitation email. Before the administrator can sign in, they must accept the invitation. Administrators that you add through groups don’t receive invitations and can sign in immediately after you add them.
Invitation emails are sent from cloud@citrix.com
and explain how to access the account. The email is valid for five consecutive days from the day you send it. After five days have elapsed, the invitation link expires. If the invited administrator uses the expired link, Citrix Cloud Japan displays a message indicating the link is not valid.
Citrix Cloud Japan also displays the status of the invitation so you can see whether the administrator accepted it and signed in to Citrix Cloud Japan.
To invite an administrator
- After signing in to Citrix Cloud Japan, select Identity and Access Management from the menu.
- On the Identity and Access Management page, select Administrators. The console shows all the current administrators in the account.
- Select Add administrator/group.
- In Administrator details, select the identity provider you want to use. If using Azure AD, Citrix Cloud Japan might prompt you to sign in first.
- If Citrix Identity is selected, enter the user’s email address and then select Next.
- If Azure AD is selected, type the name of the user you want to add and then click Next. Inviting Azure AD guest users is not supported.
- In Set access, configure the appropriate permissions for the administrator. Full access (selected by default) allows control of all Citrix Cloud Japan functions and subscribed services. Custom access allows control of the functions and services that you select.
- Review the administrator details. Select Back to make any changes.
- Select Send invitation. Citrix Cloud Japan sends an invitation to the user you specified and adds the administrator to the list.
Resend an invitation
To resend the invitation, select Resend Invite Email from the ellipsis menu at the far-right of the console. Resending an invitation doesn’t affect the five-day time limit before the invitation expires.
Resend an invitation with a new sign-in link
If the original invitation email expires and you want to send a new one to the administrator, delete the administrator from Citrix Cloud Japan and then invite them again.
Accept an administrator invitation
If you are invited to a Citrix Cloud Japan account, Citrix Cloud Japan sends you an email that includes the organization ID and the customer name of the account.
To accept the invitation, click Sign In. Afterwards, a browser window opens. If you don’t already have a Citrix account, the browser displays a page where you can create your password. If you already have an account, Citrix Cloud Japan prompts you to use your existing password to sign in.
Add administrator groups
You can add administrators using AD groups (for SAML authentication) or Azure AD groups (for Azure AD authentication). For more information, see the following articles:
Configure administrator permissions
When you add administrators to your Citrix Cloud Japan account, you might need to assign different levels of access to them, such as:
- Help desk access for Citrix DaaS
- Access to manage one or more specific cloud services
- Access to manage specific Citrix Cloud Japan functions such as Library or resource locations
With delegated administration, you can configure the access permissions all of your administrators need in accordance with their role in your organization.
Console permissions
Use the following permissions to configure custom access to the Citrix Cloud Japan management console:
- Customer Dashboard (View Only): For Citrix Service Providers (CSPs) only. Grants view access to the Customer Dashboard.
- Domains: Grants access to the Identity and Access Management > Domains tab. Administrators can add an Active Directory domain by downloading the Citrix Cloud Connector software from this tab and installing it on a server in the domain.
- Library: Grants access to the Library console page.
- Licensing: Grants access to the Cloud Services and Licensed Deployments tabs of the Licensing console page.
- Notifications: Grants access to the Notifications console page. Administrators can view and dismiss Citrix Cloud notifications.
- Resource Locations: Grants access to the Resource Locations console page. Administrators can add new resource locations and add FAS servers for Citrix Workspace single sign-on. They can also add connectors and manage connector updates.
- Secure Client: Grants access to the Identity and Access Management > API Access > Secure Clients tab. Administrators can create and manage their own secure clients for use with Citrix Cloud APIs. This permission doesn’t include access to the Identity and Access Management > API Access > Product Registrations tab. Only full access administrators can access the Product Registrations tab. For more information, see Monitor licenses and usage for on-premises deployments in the Citrix Cloud product documentation.
- System Log: Grant access to the System Log console page. Administrators can view system log events and export events to a CSV file.
- Workspace Configuration: Grants access to the Workspace Configuration console page. Administrators can change authentication methods, customize workspace appearance and behavior, enable and disable services, and configure site aggregation. For more information, see the Citrix Workspace product documentation.
To change existing permissions
Only Citrix administrators with Full access can define access permissions for other administrators.
- Sign in to Citrix Cloud Japan at https://citrix.citrixcloud.jp.
- Click the menu button in the top-left corner of the page and select Identity and Access Management.
- Click the Administrators tab.
- Locate the administrator you want to manage, click the ellipsis button, and select Edit access.
- Select Custom access.
- Select or clear each permission as needed.
- Click Save.
Change your device for multifactor authentication
If you lose your enrolled device, want to use a different device with Citrix Cloud Japan, or reset your authenticator app, you can re-enroll in Citrix Cloud Japan multifactor authentication.
Notes
- Changing your device deletes the current device enrollment and generates a new authenticator app key.
- If you are re-enrolling with the same authenticator app from your original enrollment, delete the Citrix Cloud Japan entry from your authenticator app before you re-enroll. The codes displayed in this entry will no longer work after you complete re-enrollment. If you don’t delete this entry before or after re-enrollment, your authenticator app displays two Citrix Cloud Japan entries with differing codes which can cause confusion when signing in to Citrix Cloud Japan.
- If you are re-enrolling with a new device and don’t have an authenticator app, download and install one from your device’s app store. For a smoother experience, Citrix recommends installing an authenticator app before you re-enroll your device.
-
Sign in to Citrix Cloud Japan and enter the code from your authenticator app.
If you don’t have your authenticator app, click Don’t have your authenticator app? and select a recovery method to help you sign in. Depending on the recovery method selected, enter the recovery code you received or an unused backup code and select Verify.
- If you are an administrator for multiple customer organizations, select any customer organization.
-
From the top-right menu, select My Profile.
- In Authenticator app, select Change device.
- When prompted to confirm changing your device, select Yes, change device.
- Verify your identity by entering a verification code from your authenticator app. If you don’t have an authenticator app, select Don’t have your authenticator app? and select a recovery method. Depending on the recovery method you select, enter the verification code or recovery code you receive or an unused backup code. Select Verify.
- If you are using the device you originally enrolled and your original authenticator app, delete the existing Citrix Cloud Japan entry from your authenticator app.
- If you are enrolling a new device and don’t have an authenticator app, download one from your device’s app store.
- From your authenticator app, scan the QR code with your device or enter the key manually.
- Enter the 6-digit verification code from your authenticator app and select Verify code.
Manage your verification methods
Important:
To ensure your Citrix Cloud Japan account remains secure, keep your verification methods up-to-date with accurate information. If you lose access to your authenticator app, these verification methods are the only way you can recover access to your account.
Generate new backup codes
If you lose or need to generate more one-time use backup codes, you can generate a new set of backup codes at any time. After you generate new backup codes, be sure to store them in a safe place.
- Sign in to Citrix Cloud Japan and enter the code from your authenticator app.
- If you are an administrator for multiple customer organizations, select any customer organization.
- From the top-right menu, select My Profile.
- Under Verification methods, in Backup codes, select Replace backup codes.
- Verify your identity by entering a verification code from your authenticator app.
- When prompted to replace your backup codes, select Yes, replace. Citrix Cloud Japan generates and displays a new set of backup codes.
- Select Download codes to download your new codes as a text file. Then, select I’ve saved these codes and select Close.
Change your recovery phone number
- Sign in to Citrix Cloud Japan and enter the code from your authenticator app.
- If you are an administrator for multiple customer organizations, select the customer organization from which you originally enrolled in multifactor authentication.
- From the top-right menu, select My Profile.
- Under Verification methods, in Recovery phone, select Change recovery phone.
- Enter the new phone number you want to use and then select Save.