Jump to content
Welcome to our new Citrix community!
  • 0

Using Azure AD for Authentication - Getting prompted for login twice


Anthony Tsang1709160819

Question

Do you guys know if there is a way around having to authenticate a 2nd time when accessing apps or desktops when using Azure AD authentication? I do not have this problem when using AD through the cloud connectors, but when I am using Azure AD (Need this for the MFA), I run into this issue. This is a dealbreaker as I need my users to have the same experience as we have now for on prem, (Push MFA + Single auth), and now it seems like I have to choose between push MFA (Azure AD), or Single auth (Active Directory + MFA). I love the cloud interface so far, but I'm afraid I might have to revert to on prem unless I can find a way around this issue. Thanks.

Link to comment

4 answers to this question

Recommended Posts

https://docs.citrix.com/en-us/citrix-cloud/workspace-configuration.html#azure-active-directory

 

Azure AD authentication:

Added security: Users are prompted to sign in again when launching an app or a desktop. This is intentional and provides more security, because the password information flows directly from user’s device to the VDA that is hosting the session.

 

You do have additional options 1) Use native MFA built into the Workspace or 2) Use your existing Storefront\Netscaler with Citrix Cloud for user access 

 

Link to comment

Thats good to know its on the roadmap, I had the same question.

 

In the meantime though, are there any options to increase the workspace timeout so users only occasionally get prompted for login + MFA there?  Most other web services with Azure AD integration you have the option to "remember this computer" and then it only occasionally re-prompts for login + MFA.  With this setup the authentication lasts days but it looks like the maximum workspace timeout is 8 hours.

 

Shorter workspace timeouts, like the default 30 minutes make sense for other authentication methods where there is no password prompt at the desktop or app launch, but it would be useful if long timeouts were supported for Azure AD logins when it still prompts for the password at desktop or app launch.

 

-Chris

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...