-
Endpoint Management integration with Microsoft Endpoint Manager
-
Certificates and authentication
-
Client certificate or certificate plus domain authentication
-
Authentication with Azure Active Directory through Citrix Cloud
-
Authentication with Azure Active Directory through Citrix Gateway for MAM enrollment
-
Authentication with Okta through Citrix Gateway for MAM enrollment
-
Authentication with an on-premises Citrix Gateway through Citrix Cloud
-
-
Endpoint Management deployment
-
Role-Based Access Control and Endpoint Management support model
-
Configuring certificate-based authentication with EWS for Secure Mail push notifications
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Role-based access control and Citrix Endpoint Management support
Citrix Endpoint Management uses role-based access control (RBAC) to restrict user and group access to Citrix Endpoint Management system functions such as the Citrix Endpoint Management console, Self-Help Portal, and public API. This article describes the roles built in to Citrix Endpoint Management and includes considerations for deciding on a support model for Citrix Endpoint Management that uses RBAC.
Built-In roles
You can change the access granted to the following built-in roles and you can add roles. For the full set of access and feature permissions associated with each role and their default settings, download Role-Based Access Control Defaults. For a definition of each feature, see Configure roles with RBAC.
Admin role
Default access granted:
- Full system access except to the Self-Help Portal.
- By default, administrators can do some support tasks, such as check connectivity and create support bundles.
Considerations:
- Do some or all of your administrators need access to the Self-Help Portal? If so, you can edit the Admin role or add Admin roles.
- To restrict access further for some administrators or administrator groups, add roles based on the Admin template and edit the permissions.
User
Default access granted:
- Access to the Self-Help Portal, which lets authenticated users generate enrollment links. The links allow them to enroll their devices or send themselves an enrollment invitation.
- Restricted access to the Citrix Endpoint Management console: device features (such as wipe, lock/unlock device; lock/unlock container; see location and set geographic restrictions; ring the device; reset container password); add, remove, and send enrollment invitations.
Considerations:
- The User role enables you to enable users to help themselves.
- To support shared devices, create a user role for shared device enrollment.
Considerations for a Citrix Endpoint Management support model
The support models that you can adopt can vary widely and might involve third parties who handle level 1 and 2 support while employees handle level 3 and 4 support. Regardless of how you distribute the support load, keep in mind the considerations in this section specific to your Citrix Endpoint Management deployment and user base.
Do users have corporate-owned or BYO devices? The primary question that influences support is who owns the user devices in your Citrix Endpoint Management environment. If your users have corporate-owned devices, you might offer a lower level of support, as a way to lock down the devices. In that case, you might provide a help desk that assists users with device issues and how to use the devices. Depending on the types of devices you need to support, consider how you might use the RBAC Device Provisioning and Support roles for your help desk.
If your users have BYO devices, your organization might expect users to find their own sources for device support. In that case, the support your organization provides is more of an administrative role focused around Citrix Endpoint Management-specific issues.
What is your support model for desktops? Consider whether your support model for desktops is appropriate for other corporate-owned devices. Can you use the same support organization? What extra training might they need?
Do you want to give users access to the Citrix Endpoint Management Self-Help Portal? Although some organizations prefer not to grant users access to Citrix Endpoint Management, giving users some self-support capabilities can ease the load on your support organization. If the default User role for RBAC includes permissions that you don’t want to grant, consider creating a role with only the permissions you want to include. You can create as many roles as needed to meet your requirements.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.