Citrix Cloud Integration with Azure MFA for Administrators

By Amal Abraham posted 03-17-2021 01:46 PM

  

Citrix Cloud Integration with Azure AD MFA for Administrators


In today's blog, we are going to discuss enabling Azure MFA for administrators who log in to Citrix Cloud for administration.

Azure integration for Citrix Cloud provides a secure way to access your Citrix Cloud environment for administrative purposes by leveraging the existing security framework designed by the customer.


Configuration

  • Log in to the Citrix Cloud portal
  • Navigate to Identity and Access Management by clicking on the three bars in the upper left corner



On the "Identity and Access Management" page, click on the "three dots" next to the Azure Active Directory option to launch the Azure AD integration wizard.




A new window will pop up asking you to enter the custom sign-in URL. Provide the custom name for your Citrix Cloud login URL and click on Confirm.




You will be redirected to the Microsoft login page. Make sure to log in with a global admin account, or else you will receive an error.



After logging in as an "Azure AD Global Administrator", you will be prompted to confirm the Azure AD permissions required by the Citrix Cloud application. Click on Accept.




Citrix Cloud will create an enterprise application in your Azure AD.

Enable Conditional Access Policy in Azure AD

In order to enable MFA, you need to create a Conditional Access policy in Azure AD.

  • Navigate to Azure AD and click on Enterprise Application
  • On the enterprise application page, click on "Conditional Access"


Click on "+ New Policy" to create a new Conditional Access policy.



Provide a name for your Conditional Access policy and click on "No Cloud Apps or actions Selected."



Click on "Select apps" under Cloud apps --> Include.



A new window will pop up for searching the cloud apps. Search for Citrix Cloud and select the application. Once you click on Select, the window will close and the Citrix Cloud application will be selected.



From Access Controls --> Grant, click on "0 controls selected."



A "Grant" window will pop up where you can select multiple controls. Select "Require multi-factor authentication" and click on Select.


Under the "Enable policy" section, click on "On" and then Create.



Log in with your custom Citrix Cloud URL (e.g. https://citrix.cloud.com/go/amalcloud) and the user will get an MFA prompt while logging in.
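The policy created in the steps above can also be verified from an export of the tenant's Conditional Access policies. The following is an added example, not part of the original post and not Citrix or Microsoft code; it assumes the JSON shape returned by Microsoft Graph's identity/conditionalAccess/policies endpoint, and the application ID, policy names and sample policies are constructed placeholders.

```python
# Added example: checks Conditional Access policies (Microsoft Graph JSON shape)
# for an enforced MFA requirement on the Citrix Cloud enterprise application.
CITRIX_APP_ID = "11111111-1111-1111-1111-111111111111"  # placeholder, not a real app ID

def targets_app(policy, app_id):
    apps = policy.get("conditions", {}).get("applications", {})
    if app_id in apps.get("excludeApplications", []):
        return False
    included = apps.get("includeApplications", [])
    return "All" in included or app_id in included

def requires_mfa(policy):
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "mfa" not in controls:
        return False
    # With operator "OR", any other selected control satisfies the policy without MFA.
    return grant.get("operator") == "AND" or controls == ["mfa"]

def audit(policies, app_id):
    """Return (status, policy names); status is 'enforced', 'report-only' or 'missing'."""
    by_state = {"enabled": [], "enabledForReportingButNotEnforced": []}
    for p in policies:
        if p.get("state") in by_state and targets_app(p, app_id) and requires_mfa(p):
            by_state[p["state"]].append(p["displayName"])
    if by_state["enabled"]:
        return "enforced", by_state["enabled"]
    if by_state["enabledForReportingButNotEnforced"]:
        return "report-only", by_state["enabledForReportingButNotEnforced"]
    return "missing", []

def mfa_exclusions(policies, app_id):
    """Users and groups excluded from enforced MFA policies; each is a bypass to review."""
    out = set()
    for p in policies:
        if p.get("state") == "enabled" and targets_app(p, app_id) and requires_mfa(p):
            users = p.get("conditions", {}).get("users", {})
            out.update(users.get("excludeUsers", []), users.get("excludeGroups", []))
    return sorted(out)

def _policy(name, state, controls, exclude_users=()):  # builds constructed sample data
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": [CITRIX_APP_ID]},
                           "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)}},
            "grantControls": {"operator": "OR", "builtInControls": controls}}

SAMPLE = [  # constructed policies, not real tenant output
    _policy("Citrix Cloud admins - MFA", "enabled", ["mfa"], ["breakglass-object-id"]),
    _policy("Citrix Cloud - MFA pilot", "enabledForReportingButNotEnforced", ["mfa"]),
    _policy("Citrix Cloud - MFA or compliant device", "enabled", ["mfa", "compliantDevice"]),
]
```

A "report-only" or "missing" result means administrators can still reach Citrix Cloud without an MFA challenge, even though a policy with the right name exists.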




Providing Azure AD users access in Citrix Cloud


To provide Azure AD users with access to Citrix Cloud, navigate to the Citrix Cloud portal.

  • Click on "Identity and Access Management" and click on "Administrators."
  • Under "Select an identity provider", click on the "Add administrators from…" drop-down and select the Azure AD domain you added earlier.




In the "username" search option, search for the username and click on Invite. The user needs to accept the invite from the invitation email.



Please note Azure AD groups are not currently supported by Citrix.




Please reach out to me if you have any questions.

Regards,
Amal K Abraham
Bangalore CUGC Community

@amalkallath