Citrix Endpoint Management

Authentication with Azure Active Directory Group-Based Administration

Citrix Endpoint Management now supports group-based identity authentication for accessing its services through Azure Active Directory (AAD) and SAML identity providers. This update ensures that administrators can manage access at the group level using AAD group membership, offering flexibility and enhanced security. The legacy Citrix Identity login mechanism remains available as an alternative.

Key Enhancements

  • Azure AD Group Integration: Administrators can now manage user access to CEM services by leveraging Azure AD groups. This simplifies permissions management and allows for group-based access controls.
  • Citrix Endpoint Management Login Authentication with Azure AD Groups: Users can authenticate through Azure AD groups, providing seamless integration with existing organizational identity infrastructure.
  • Full Support for SAML: SAML identity providers can also be used for group-based authentication.
  • Legacy Citrix Identity Support: Citrix Identity login is still available, ensuring users can transition at their own pace.

Feature Flags

  • Citrix Cloud feature flag: fullAccessGroups – This feature is enabled by default to allow full access for groups.
  • Citrix Endpoint Management feature flag: cc.group.based.admin – Enables group-based administration functionality in Citrix Endpoint Management.

Prerequisites

  • Azure AD is configured in the Citrix Cloud portal.
  • The Admin Sign-in URL for Citrix Cloud must be set before users can access Citrix Endpoint Management through Azure AD groups.

Configuration Steps

  1. Log in to the Azure Portal and access Azure Active Directory.
  2. Navigate to Users and select Create new user.
  3. Navigate to Groups, click New group, and add the newly created user as a member of this group.
  4. Log in to Citrix Cloud using Admin credentials.
  5. Navigate to Identity and Access Management and assign either full or custom permissions to the new Azure AD group.
  6. The user in the Azure AD group can now log in to Citrix Endpoint Management using the Admin Sign-in URL.
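
Because step 5 grants Citrix Cloud permissions to everyone in the Azure AD group, it is worth reviewing the group's membership before and after the assignment. The following is an added example, not Citrix or Microsoft code: it audits a member list shaped like a Microsoft Graph `GET /groups/{id}/members` response. The sample data, the function name `audit_admin_group`, the `$select` fields, and the review rules (guests, disabled accounts, non-user members) are assumptions for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph GET /groups/{id}/members
# response. Assumes the request used
# $select=id,displayName,userPrincipalName,userType,accountEnabled.
# All names and IDs are made up.
SAMPLE_MEMBERS = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.user", "id": "u1",
   "userPrincipalName": "cem-admin@contoso.example",
   "userType": "Member", "accountEnabled": true},
  {"@odata.type": "#microsoft.graph.user", "id": "u2",
   "userPrincipalName": "partner_fabrikam.example#EXT#@contoso.example",
   "userType": "Guest", "accountEnabled": true},
  {"@odata.type": "#microsoft.graph.user", "id": "u3",
   "userPrincipalName": "former-admin@contoso.example",
   "userType": "Member", "accountEnabled": false},
  {"@odata.type": "#microsoft.graph.group", "id": "g1",
   "displayName": "Helpdesk-All"}
]}
""")


def audit_admin_group(response):
    """Return (user_members, findings) for a group granted CEM admin access.

    findings is a list of (member, reason) tuples that need human review.
    """
    user_members, findings = [], []
    for m in response.get("value", []):
        kind = m.get("@odata.type", "").rsplit(".", 1)[-1] or "unknown"
        name = m.get("userPrincipalName") or m.get("displayName") or m.get("id")
        if kind != "user":
            # Nested groups and service principals: the page does not say
            # whether they inherit access, so flag them for review.
            findings.append((name, f"non-user member ({kind})"))
            continue
        user_members.append(name)
        if m.get("userType") == "Guest":
            findings.append((name, "guest account"))
        if m.get("accountEnabled") is False:
            findings.append((name, "disabled account still in group"))
    return user_members, findings


if __name__ == "__main__":
    users, issues = audit_admin_group(SAMPLE_MEMBERS)
    print("User members:", users)
    for member, reason in issues:
        print(f"REVIEW {member}: {reason}")
```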