Javier Lopez Santacruz


  1. In this guide, we'll walk you through the steps to configure Entra ID SSO for the Citrix Workspace app (CWA) on macOS, enabling streamlined access to Citrix-hosted resources.

     End-user experience demo video: Entra ID SSO CWA for MacOS_JLS.mp4

     Prerequisites

       • macOS CWA 2402 or above
       • Azure Entra ID (formerly Azure AD) authentication for your Citrix Workspace - https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-management/identity-access-management/connect-azure-ad.html
       • Microsoft Enterprise SSO plug-in for Apple devices (published via Intune) - https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin
       • Disable Federated Identity Provider Sessions on Citrix Cloud - https://support.citrix.com/article/CTX253779/user-prompted-for-credentials-on-workspace-urls-when-using-federated-authentication-providers

     Configuration

     Configuring single sign-on (SSO) for the Citrix Workspace app on macOS involves several steps. Let's walk through the process:

     1. CWA must be 2402 or above so that the web browser for authentication can be set to the system browser with private sessions, which can be done via a terminal command or the Global App Config Service:

          • Terminal command line:
            defaults write com.citrix.receiver.nomas WebBrowserForAuthentication SystemWithPrivateSession
          • Global App Config Service: Web Browser for Authentication

     2. Azure Entra ID (formerly Azure AD) must be the identity provider configured for your Citrix Cloud deployment - https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-management/identity-access-management/connect-azure-ad.html

     3. Entra ID SSO for macOS requires the Mac to be MDM-managed by Intune, with the SSO app extension for Entra ID deployed via a configuration profile. Manage macOS devices in Microsoft Intune - Deployment guide: https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-platform-macos

        3.1 CWA will use the Entra ID SSO Intune plug-in to achieve SSO when opening the app. Microsoft Enterprise SSO plug-in for Apple devices (published via Intune) official documentation: https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin

        3.2 These are the summarized steps and the official Microsoft documentation links I used to configure this integration:

          Prerequisites:
            • Deploy your APNS certificate in Intune to start managing iOS/Mac devices. https://learn.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
            • Ensure Intune manages your macOS devices.
            • Verify that the devices support the Microsoft Enterprise SSO plug-in (macOS 10.15 and newer).
            • Install and configure the Microsoft Company Portal app on the devices.

          Create a Configuration Profile:
            • In Intune, go to Devices > macOS > Configuration profiles.
            • Create a new configuration profile with the following settings: Profile type: Templates > Device features.
            • Expand the Single sign-on app extension pane.
            • Select Microsoft Entra ID from the SSO app extension type dropdown menu.

          Configure the SSO App Extension:
            • Specify any additional settings required for your environment. For this POC, we selected Entra ID.
            • Be cautious when allowing apps, as they'll bypass interactive sign-in prompts for the signed-in user.

          Assign the Configuration Profile:
            • Assign the configuration profile to the relevant user or device groups in Intune.

          Test SSO:
            • Verify that users can log in to Office 365 apps and websites using Entra ID without repeated authentication prompts.

     4. Another requirement is to disable Federated Identity Provider Sessions: https://support.citrix.com/article/CTX253779/user-prompted-for-credentials-on-workspace-urls-when-using-federated-authentication-providers

        Workspace Configuration > Customize > Preferences - Federated Identity Provider Sessions

        IMPORTANT: Customers should consult their internal security teams before requesting an exception to determine which settings are best for their environment and security posture.

     Once all the Microsoft configurations are valid and you can experience SSO to any Entra ID application like Outlook or Teams, the Citrix Workspace app should achieve seamless single sign-on.

     Troubleshoot: If any issues arise during testing, refer to Entra ID's documentation or contact the Microsoft support team at https://support.microsoft.com/en-gb for assistance.

     Conclusion

     By configuring Entra ID single sign-on for the Citrix Workspace app on macOS, organizations can enhance security and user experience while simplifying access to critical resources. With streamlined authentication processes and centralized access management, Entra ID SSO empowers users to navigate their digital workspace efficiently and securely.
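
Added example, not part of the original guide: a client-side preflight for the prerequisites listed above (macOS 10.15 or newer, CWA 2402 or above, and the WebBrowserForAuthentication preference). The app install path and the dotted bundle version format are assumptions; run it as the logged-in user, since defaults reads that user's preferences.

```bash
#!/bin/sh
# Added example: preflight for the client-side prerequisites in the guide.
# Assumptions (not from the guide): the install path below and a dotted
# bundle version such as 24.02.0.78 for release 2402.
CWA_APP="/Applications/Citrix Workspace.app"   # assumed install path
CWA_DOMAIN="com.citrix.receiver.nomas"         # preference domain from the guide
CWA_KEY="WebBrowserForAuthentication"          # key from the guide
CWA_WANT="SystemWithPrivateSession"            # value from the guide

# True when the macOS version string is 10.15 or newer.
macos_supported() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 15 ]; }
}

# Normalise "24.02.0.78" or "24.2.0" to the release number "2402".
cwa_release() {
    case "$1" in
        *.*) major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
             if [ "${#minor}" -eq 1 ]; then minor="0$minor"; fi
             echo "$major$minor" ;;
        *)   echo "$1" ;;
    esac
}

# True when the CWA version is release 2402 or above.
cwa_supported() {
    rel=$(cwa_release "$1")
    case "$rel" in ''|*[!0-9]*) return 1 ;; esac
    [ "$rel" -ge 2402 ]
}

# True when the authentication browser preference has the required value.
pref_ok() { [ "$1" = "$CWA_WANT" ]; }

# Read the live values on a Mac and report each failed prerequisite.
preflight() {
    rc=0
    macos_supported "$(sw_vers -productVersion)" || { echo "FAIL: macOS older than 10.15"; rc=1; }
    ver=$(defaults read "$CWA_APP/Contents/Info" CFBundleShortVersionString 2>/dev/null)
    cwa_supported "$ver" || { echo "FAIL: CWA '${ver:-not found}' is below 2402"; rc=1; }
    val=$(defaults read "$CWA_DOMAIN" "$CWA_KEY" 2>/dev/null)
    pref_ok "$val" || { echo "FAIL: $CWA_KEY is '${val:-unset}'"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: client prerequisites met"
    return "$rc"
}

# Run only on macOS; the helpers above can be exercised anywhere.
if [ "$(uname -s)" = "Darwin" ]; then preflight; fi
```
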
  2. Windows Logon Duration Analysis with Citrix WEM Tool Hub

     Citrix WEM Tool Hub provides comprehensive features for analyzing and optimizing Citrix deployments. Within this toolkit, the Windows logon analysis feature stands out, providing access to detailed logon duration reports and valuable tips for optimizing and troubleshooting logon duration issues.

     How to get Citrix WEM Tool Hub

     It can be found on the Citrix Cloud console, specifically on the WEM Utilities > Tools.

     Windows Logon Analysis

     Click Windows Logon analysis > Get reports to access the Get latest reports wizard. To receive complete reports, enable log collection for relevant Windows event logs on the machine.

     Citrix WEM Tool Hub breaks down logon duration into distinct phases, each with its own set of metrics and optimization tips. From pre-logon activities to shell startup, administrators can delve deep into the logon process to identify bottlenecks and areas for improvement.

     The tool categorizes logon duration metrics into base metrics and sub-metrics, offering granular insights into performance factors affecting logon times. Administrators can pinpoint components contributing to logon delays, from authentication speed to user profile loading.

     Optimization Tips and Troubleshooting

     Citrix WEM Tool Hub provides insights into logon duration metrics and practical tips for optimization and troubleshooting. Administrators can implement targeted solutions to enhance logon speed and efficiency by correlating performance data with actionable recommendations.

       • Authentication Optimization: Leveraging features like Windows Hello for biometric authentication and ensuring efficient network communication with Active Directory can expedite the authentication process.
       • User Profile Management: Optimizing user profile loading by addressing disk space issues and leveraging tools like FSLogix for profile management can significantly reduce logon duration.
       • Group Policy Processing: Streamlining group policy settings, disabling GPO cache, and leveraging Citrix WEM for asynchronous policy processing can accelerate group policy processing during logon.
       • Script and Startup Optimization: Refining logon scripts, utilizing Group Policy preferences, and managing startup programs can minimize delays during shell startup and logon script processing.

     Conclusion

     In the competitive landscape of IT administration, optimizing Windows logon duration is essential for enhancing user experience and maximizing productivity within Citrix deployments. Citrix WEM Tool Hub empowers IT administrators with robust logon duration analysis, optimization, and troubleshooting capabilities. By leveraging its features and following best practices for optimization, administrators can streamline logon processes, mitigate performance issues, and ensure a seamless Citrix experience for end-users. With Citrix WEM Tool Hub as their ally, IT admins can embark on a journey towards unparalleled efficiency and excellence in Citrix deployment management.

     References

       • Citrix WEM Tool Hub Product Documentation