SAML Authentication from Citrix ADC (SP) with Azure AD (IDP)


We have a multi-site Citrix deployment and are leveraging GSLB across the sites. For example:

dc1citrix.mycompany.com (A record for site-specific Gateway VIP)

dc2citrix.mycompany.com (A record for site-specific Gateway VIP)

dc3.citrix.mycompany.com (A record for site-specific Gateway VIP)

GSLB = citrix.mycompany.com can resolve to the GSLB service of each datacenter's gateway IP.

When creating the application on Azure (IDP), do we need to create an application for each site, or a single application utilizing the GSLB (CNAME) citrix.mycompany.com? We want to enforce two-factor for users that may go direct to the site URL (dc1citrix.mycompany.com) as well as when the user goes to the GSLB (CNAME) citrix.mycompany.com.

In Azure, you need to create the Reply URL, and I'm not sure if we can just use the GSLB name here or if we need to set up a separate app per datacenter.

Thank you for your responses.


  • 2 months later...

As a failback, is it possible to log in directly to each gateway (at different sites) with Azure SAML as the IDP?

dc1citrix.mycompany.com (A record for site-specific Gateway VIP)

dc2citrix.mycompany.com (A record for site-specific Gateway VIP)

dc3.citrix.mycompany.com (A record for site-specific Gateway VIP)

When configuring Azure SAML you are only allowed a single login URL, and in this case you would use the GSLB URL. Is this by design or something that can be addressed? It seems like a limitation to me.

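An added example (not from this thread, and not Citrix or Microsoft code) of the IdP-side check that makes the Reply URL question matter: a SAML IdP compares the AssertionConsumerServiceURL carried in the Gateway's AuthnRequest against the Reply URLs registered for the application, so a site-specific gateway hostname is only accepted if it was registered, and accepting unregistered ones would let an assertion be delivered to an arbitrary endpoint. The hostnames are the ones used in the thread; the Gateway ACS path /cgi/samlauth, the registered-URL set and the request XML are assumptions constructed for the example.

```python
# Added example: exact-match validation of a SAML AuthnRequest's ACS URL against
# registered Reply URLs. Hostnames come from the thread; paths and XML are constructed.
import xml.etree.ElementTree as ET  # use defusedxml in production for untrusted XML
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Reply URLs registered on the IdP for the Gateway application (assumed: GSLB name only).
GSLB_ONLY = {"https://citrix.mycompany.com/cgi/samlauth"}
# Alternative registration that also covers direct logins to each site (assumed).
PER_SITE = GSLB_ONLY | {
    "https://dc1citrix.mycompany.com/cgi/samlauth",
    "https://dc2citrix.mycompany.com/cgi/samlauth",
    "https://dc3.citrix.mycompany.com/cgi/samlauth",
}

def parse_authn_request(xml_text: str) -> dict:
    """Return the Issuer and AssertionConsumerServiceURL of a SAML 2.0 AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    return {"issuer": root.findtext(f"{{{SAML}}}Issuer"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def normalize(url: str) -> tuple:
    """Canonical (scheme, host, port, path): case-insensitive host, explicit default port."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme.lower() == "https" else 80)
    return (p.scheme.lower(), (p.hostname or "").lower(), port, p.path or "/")

def acs_url_allowed(acs_url: str, registered: set) -> bool:
    """Accept only an https URL that exactly matches a registered Reply URL."""
    if not acs_url:
        return False
    target = normalize(acs_url)
    return target[0] == "https" and any(target == normalize(r) for r in registered)

def build_request(acs_url: str) -> str:
    """Constructed AuthnRequest as the Gateway (SP) would send it to the IdP."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_1" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
            f'AssertionConsumerServiceURL="{acs_url}">'
            f'<saml:Issuer>https://citrix.mycompany.com</saml:Issuer></samlp:AuthnRequest>')

def check_request(xml_text: str, registered: set) -> bool:
    """Full path: parse the request, then validate its ACS URL against the registration."""
    return acs_url_allowed(parse_authn_request(xml_text)["acs_url"], registered)
```

With GSLB_ONLY registered, a request from dc1citrix.mycompany.com is rejected even though it is a legitimate gateway; with PER_SITE it is accepted, which is the trade-off behind registering one Reply URL per datacenter.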