-
Endpoint Management integration with Microsoft Endpoint Manager
-
Certificates and authentication
-
Client certificate or certificate plus domain authentication
-
Authentication with Azure Active Directory through Citrix Cloud
-
Support Azure AD Group-Based Administration for Citrix Endpoint Management
-
Authentication with Azure Active Directory through Citrix Gateway for MAM enrollment
-
Authentication with Okta through Citrix Gateway for MAM enrollment
-
Authentication with an on-premises Citrix Gateway through Citrix Cloud
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Authentication with Azure Active Directory through Citrix Cloud
Citrix Endpoint Management supports authentication with Azure Active Directory (Azure AD) credentials through Citrix Cloud. This authentication method is available only to users enrolling in MDM through Citrix Secure Hub.
To use Citrix Secure Hub with MDM+MAM, configure Citrix Endpoint Management to use NetScaler Gateway for MAM enrollment. For more information, see NetScaler Gateway and Citrix Endpoint Management.
Citrix Endpoint Management uses the Citrix Cloud service, Citrix identity, to federate with Azure Active Directory. Citrix recommends that you use the Citrix identity provider instead of a direct connection to Azure Active Directory.
Citrix Endpoint Management supports authentication with Azure AD for the following platforms:
- iOS and macOS devices not enrolled in the Apple Business Manager or Apple School Manager
- iOS and macOS devices enrolled in the Apple Business Manager
- Android Enterprise devices (preview), for BYOD and fully managed modes
Authentication with Azure AD through Citrix Cloud has these limitations:
- Isn’t available for Citrix Endpoint Management local accounts.
- Doesn’t support authentication through Azure AD for enrollment invitations. If you send users an enrollment invitation that has an enrollment URL, users authenticate through LDAP instead of Azure AD.
Prerequisites
- Azure Active Directory user credentials
- User groups in Active Directory must match the user groups in Azure Active Directory.
- User names and email addresses in Active Directory must match the user names and email addresses in the Azure Active Directory.
- Citrix Cloud account, with Citrix Cloud Connector installed for directory service synchronization.
- NetScaler Gateway. Citrix recommends that you either enable certificate-based authentication or Azure AD for a full single sign-on experience. If you use LDAP authentication on the NetScaler Gateway for MAM registration, end users experience a dual authentication prompt during enrollment. For more information, see Client certificate or certificate plus domain authentication.
- In the enrollment profile for Android Enterprise, set Allow users to decline device management to Off. If users decline device management, they can’t enroll using an identity provider to authenticate. For more information, see Enrollment security.
Configure Citrix Cloud to use Azure Active Directory as your identity provider
To set up this service for use with the Citrix Secure Hub, configure Azure Active Directory in Citrix Cloud.
-
Go to https://citrix.cloud.com and sign in to your Citrix Cloud account.
-
From the Citrix Cloud menu, go to the Identity and Access Management page and connect to Azure Active Directory.
-
Type your administrator sign-in URL and then click Connect.
-
After you sign in, your Azure Active Directory account connects to Citrix Cloud. The Identity and Access Management > Authentication page shows which accounts to use to sign in to your Citrix Cloud and Azure AD accounts.
-
To enable authentication with Azure AD for users enrolling through the Citrix Secure Hub, under Workspace Configuration > Authentication, select Azure Active Directory. After you complete the configuration, you can enroll user devices through the Citrix Secure Hub.
Configure Citrix identity as the IdP type for Citrix Endpoint Management
This configuration applies only to users enrolling through Citrix Secure Hub. After you configure Azure Active Directory in Citrix Cloud, configure Citrix Endpoint Management as follows.
-
In the Citrix Endpoint Management console, go to Settings > Identity Provider (IDP) and then click Add.
-
On the Identity Provider (IDP) page, configure the following:
- IDP Name: Type a unique name to identify the IdP connection that you’re creating.
- IDP Type: Choose Citrix Identity Platform.
- Authentication Domain: Choose Azure Active Directory. This domain corresponds to the Identity provider domain on the Citrix Cloud Workspace Configuration > Authentication page.
-
Click Next. On the IDP Claims Usage page, configure the following:
- User Identifier type: By default, this field is set to userPrincipalName. Make sure that you configure all users with the same identifier in both your on-premises Active Directory and in Azure Active Directory. Citrix Endpoint Management uses this identifier to map users on the identity provider with on-premises Active Directory users.
- User Identifier string: This field is automatically filled.
-
Click Next, review the Summary page, and then click Save.
Citrix Secure Hub users, Citrix Endpoint Management console, and Self-Help Portal users can now sign in with their Azure Active Directory credentials. Citrix Secure Hub users who are domain-joined can use Citrix Secure Hub to sign in with their Azure AD credentials. Citrix Secure Hub uses client certificate authentication for MAM devices.
Citrix Secure Hub authentication flow
Citrix Endpoint Management uses the following flow to authenticate users with Azure AD as an IdP on devices enrolled through Citrix Secure Hub:
- A user starts Citrix Secure Hub.
- Citrix Secure Hub passes the authentication request to Citrix identity, which passes the request to Azure Active Directory.
- The user types their Azure Active Directory user name and password.
- Azure Active Directory validates the user and sends a code to Citrix identity.
- Citrix identity sends the code to Citrix Secure Hub, which sends the code to the Citrix Endpoint Management server.
- Citrix Endpoint Management gets an ID token by using the code and secret and then validates the user information that’s in the ID token. Citrix Endpoint Management returns a session ID.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.