
Azure IDP and Citrix

Tony Flanagan


My company has a requirement for external 3rd party users and suppliers logging onto our Citrix environment.


We are looking for a solution that would allow these users to authenticate to our Azure AADC (IDP) as a ‘guest’ user in our Azure tenancy, that would then allow the user to have access to Citrix published applications. The idea behind this is that we would not have to create local AD accounts for these users in our on-premise AD and being guest users in the Microsoft IDP this would allow us to save on Microsoft licences for these external users.


So far we have managed to use NetScaler Gateway set up with SAML authentication to log a trusted user (a Gmail user account) in via Azure IDP through to the Citrix StoreFront. This authenticated the Gmail user account to see a Citrix icon (to connect from ‘myapps.microsoft.com’) but doesn’t give us any access to any of the actual Citrix apps (as the user is not in our local AD on premise). We have managed to get this working for someone who has an on premise AD account that gets synchronised to AADC in Azure (in a double authentication manner).


Does anyone know if there is any way of achieving this, or has anyone maybe done something like this? I have seen the FAS authentication but I am not sure that this would offer this type of access.


Thanks in advance. 


Did you create a local shadow account in your local AD for the user and assign the shadow account to the published apps? The shadow account will need a UPN that matches a claim from the IdP.


After StoreFront is working, then you can implement FAS to SSON to the VDA machines.

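The UPN-to-claim match described in the reply above can be checked offline against a captured assertion. This is an added example, not part of either post: the assertion, the guest user, the tenant name and the shadow-account list are constructed, and it assumes the IdP sends the standard `name` and `emailaddress` claim URIs. It is a diagnostic only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample: a trimmed, unsigned assertion for a hypothetical guest user.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice_gmail.com#EXT#@contoso.onmicrosoft.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}name">
      <saml:AttributeValue>alice_gmail.com#EXT#@contoso.onmicrosoft.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>Alice@gmail.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed sample: UPNs of shadow accounts exported from the on-premises AD.
SHADOW_UPNS = ["alice@gmail.com", "bob@supplier.example"]


def claim_values(assertion_xml):
    """Return {claim name: value} for NameID and every attribute in the assertion."""
    root = ET.fromstring(assertion_xml.strip())
    claims = {"NameID": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return claims


def match_shadow_account(claims, claim_name, ad_upns):
    """Return the shadow-account UPN equal to the claim (case-insensitive), else None."""
    value = (claims.get(claim_name) or "").strip().lower()
    by_lower = {upn.lower(): upn for upn in ad_upns}
    return by_lower.get(value)


if __name__ == "__main__":
    found = claim_values(SAMPLE_ASSERTION)
    for name in found:
        print(name, "->", match_shadow_account(found, name, SHADOW_UPNS) or "NO MATCH")
```

In this sample only the `emailaddress` claim lines up with a shadow account; the guest-format `#EXT#` value carried in `NameID` and `name` matches nothing in AD, so the gateway would need to be pointed at the claim that does.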


This topic is now archived and is closed to further replies.
