Citrix is announcing a tech preview of Federated Authentication using Azure Active Directory for XenApp Essentials users.
With this new tech preview, XenApp Essentials administrators can now configure the XenApp Essentials Workspace UI to authenticate users using Azure AD. Since Citrix announced at Synergy in May 2017 that Azure is our strategic and preferred cloud provider, we are excited to share this milestone in our broader effort to integrate Azure Active Directory with all of our Citrix Cloud Services.
Eager to get started? Great! I would like to walk you through the steps to configure the XenApp Essentials service to let users sign in with Azure Active Directory. In this post, I will walk you through how to:
- Setup the XenApp Essentials service to communicate with your Azure AD
- Configure your users’ XenApp Essentials workspace portal to enable users to authenticate against your Azure AD
- Demonstrate the latest UI enhancements available to a XenApp Essentials user who authenticates with their Azure AD credentials
Setting up Azure Active Directory with XenApp Essentials
Sign into XenApp Essentials via Citrix Cloud (seems like a good place to start, right?), and you will see your Dashboard:
Navigate to the Identity Management page by clicking on the Navigation Menu and selecting Identity and Access Management.
This is where you can connect XenApp Essentials to your Azure AD. In the My Company’s Identity Providers box, click the Connect button.
You will be prompted to enter an Administrator Sign-in URL before continuing. This allows other administrators added from Azure AD to navigate to https://citrix.cloud.com/go/<your_sign-in_URL> to sign into XenApp Essentials with Azure AD. Once you enter a sign-in URL, click Connect. You will be redirected to the Microsoft login page. (Tip: If you do not see the login page, please delete your cookies and start the process over. This may happen if you are already signed into Azure AD.)
On the Microsoft login page, enter your Azure AD credentials and click Sign in.
Once you’ve successfully authenticated with Microsoft, you will be redirected back to the XenApp Essentials Identity and Access Management page:
The XenApp Essentials management plane is now connected to your Azure Active Directory! You can proceed with configuring XenApp Essentials for your users in Azure AD, but I want to review two key Citrix Cloud XenApp Essentials terms with you. First, subscribers are your end users who are accessing the XenApp Essentials services. Nothing new here. However, the term workspace is new to the Citrix Cloud XenApp Essentials UI. Citrix is committed to delivering a complete digital workspace experience to every subscriber (end user) and the XenApp Essentials console has been updated to reflect that commitment. Now XenApp Essentials subscribers will access their virtual applications via a modern workspace experience. I’m about to show you that part, but before I get ahead of myself let me briefly explain the Subscriber Access to Workspace section. The Sign in URL is the URL that subscribers will enter to access their XenApp Essentials workspace.
Now that you’ve successfully connected your Azure Active Directory to XenApp Essentials, let’s configure your workspace to allow your subscribers to authenticate using Azure AD.
Configuring your XenApp Essentials Workspace to use Azure Active Directory
The next step is to configure the XenApp Essentials Workspace for Azure AD authentication. The exciting news here is that we have made it easier to customize the appearance of the XenApp Essentials UI (workspace) for your subscribers. I’ll show you that now. Return to the Navigation Menu and select Workspace Configuration.
The Workspace Configuration page makes it easy to customize the subscribers’ XenApp Essentials workspace experience. Upon navigating here, you will see the Access tab. This page will allow you to edit your Workspace URL by selecting Change. This is a key improvement as you can select your personalized URL directly in the admin UI.
If you would like to customize your XenApp Essentials Workspace URL, simply click Change, enter a new URL, and click Save when you’re done.
Now we need to integrate Azure AD and the XenApp Essentials workspace. Navigate to the Authentication tab and you will see it that the default authentication method for subscribers is set to Active Directory.
Click on the radio button next to Azure Active Directory (Tech Preview). This action will open a modal explaining how the subscriber and administrator experience will change. If you are OK with the changes, click the checkbox to let Citrix Cloud XenApp Essentials know that you understand the impact on the subscriber and administrative experience. Then click Confirm.
After confirming, you’ve successfully configured your XenApp Essentials workspace to use Azure AD to authenticate users. Your final view should look like this:
Note: the virtual machines hosting your applications still need to be domain joined, either Active Directory or Azure Active Domain Services (AAD + DS).
Signing into your Workspace (Subscriber/User Experience)
To sign into your XenApp Essentials workspace as a subscriber, navigate to your Workspace URL (in this example, https://acmecorp.cloud.com). You will be automatically redirected to the Azure AD login screen. Once you have authenticated, your XenApp Essentials workspace will be displayed.
Congratulations on getting up and running with XenApp Essentials and Azure AD! Now your users will be able to authenticate with Azure AD to gain access to your XenApp Essentials workspace. Note: the user will be prompted for AD credentials when launching an application in this tech preview experience. Citrix is committed to bringing Azure AD integration into all of our Citrix Cloud services along with the new workspace experience.