Jump to content
Welcome to our new Citrix community!
  • 0


Hi all,


Need to restrict login access throught secure hub to endpoint management service on citrix cloud only allowed to all user nested with a security AD group. Scope is to avoid that CEM user licenses can be allocated without admin control that know how many user can be allowed simply counting them by using AD group that match the amount of licenses purchased and still available.


So, I administer xenmobile on premises too, both solutions use Citrix Gateway virtual server on prem for mVPN. In xenmobile on prem I used the search filter explained in the CTX111079 and it works as I want, AD user out of admin control can't reach xenmobile and use a license that is not expected for them.. but, on citrix cloud the cloud connector doesn't have a search filter option and I cannot move all the user in AD to a single OU in order to try a way that need to change User DN option. I cannot use User DN cloud connector field. If I try to apply the same CTX111079 on gateway v. Server that proxies to CEM cloud, this is the behavior: when user outside that group can enroll in secure hub using android enterprise because cloud connector take precedence, when work profile is complete and secure hub finalize process, the ldap server on netscaler send a deny and wiping profile occurs, the problem is that user license is even allocated because connection occurs on CEm before denied from netscaler.


How can I deny using ldap search filter from cloud connector for secure hub user without allocating the license?



Link to comment

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...