Citrix Cloud Okta



  • The IdP could be ADFS, Okta, Ping, etc. Citrix ADC SAML configuration (SAML Server/Action): instructions for Citrix ADC 13.0, Citrix ADC 12.1, NetScaler 12.0, and NetScaler 11.1 are essentially the same. Citrix ADC 12.1 and newer support SAML Metadata, while older versions of NetScaler do not.
  • Citrix Workspace and Okta integration: With every Fortune 500 company using the public cloud in some way, Citrix is committed to a cloud-first mindset and approach. Importantly, Citrix embraces a cloud-agnostic strategy, allowing organizations to choose the public cloud.

Okta and Citrix Integration: Complete Access to Citrix, Cloud, and On-prem Apps. The shift to the cloud continues to accelerate. Enterprises of every size are adopting best-of-breed cloud apps at a faster rate than ever as they see this strategy accelerate their growth, minimize their costs, and streamline their processes.

None of us likes starting over. So if we don’t have to, why would we?

Unfortunately, with technology, many of us are forced to follow a single path. That single path often requires us to start over. But this is one of the interesting things about Citrix Workspace and the user’s primary identity… Don’t start over – Simply integrate.

With an overall understanding of primary/secondary identities within Citrix Workspace, we can better understand how Citrix Workspace integrates with Okta as an identity provider for a user’s primary identity. If our organization has standardized on Okta for identity, why would we want to move away from it to utilize a digital workspace?

Citrix Workspace simply brokers identity to your preferred identity provider, then leverages the user’s identity to generate a list of authorized resources to access.

Citrix Workspace accesses an OpenID Connect application created within Okta. The application authenticates the user with Okta, receiving two tokens in response:

  • Access Token: Provides proof that the user can access the Okta resource
  • Identity Token: Provides claims (info) about the authenticated user.

One of the interesting things about how this works is that the tokens sent back to Citrix Workspace are not impacted by any Okta MFA configurations. Okta authentication is a separate process from Citrix Workspace. Whether the Okta configuration is based on password, SMS, TOTP (software/physical), Push, YubiKey or Windows Hello, the result returned to Citrix Workspace is the same two tokens validating the user’s identity and authorizations. Your Okta admin can change the authentication policies without impacting Citrix Workspace.

This is extremely important because chances are the person responsible for Okta in your organization will not be the same person responsible for Workspace.

Once Citrix Workspace receives the claims contained within the identity token, the resource feed micro-service is able to generate a list of authorized resources. The claims are important because different resource feed types have different requirements on the claims returned by Okta.

  • SaaS and Web apps: Uses the native Okta identity claims
  • Windows-based apps: For Citrix Virtual Apps and Desktops (VDI), the Okta ID must be linked to an Active Directory account. The identity token returned by Okta must include the user’s Active Directory SID, UPN and GUID.
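
A diagnostic sketch of the claim requirements described above, added here as an example and not taken from the original post or from Citrix or Okta: it decodes an identity token's payload and reports which resource feed types its claims can satisfy. The claim names (`cip_sid`, `cip_upn`, `cip_oid`), the choice of base claims and the sample tokens are assumptions; signature, issuer, audience and expiry validation are assumed to happen elsewhere.

```python
import base64
import json

# Assumed claim names: the page says the token must carry the AD SID, UPN and
# GUID but does not name the claims. Adjust to your Okta attribute mapping.
AD_CLAIMS = {"sid": "cip_sid", "upn": "cip_upn", "guid": "cip_oid"}
# Standard OIDC ID token claims, treated here as the "native" claims (assumption).
BASE_CLAIMS = ("iss", "sub", "aud", "exp")


def decode_payload(id_token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying it (diagnostics only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def feed_readiness(claims: dict) -> dict:
    """Report which resource feed types these identity claims can authorize."""
    def present(name):
        value = claims.get(name)
        return isinstance(value, str) and value.strip() != ""

    missing_base = [c for c in BASE_CLAIMS if c not in claims]
    missing_ad = [k for k, c in AD_CLAIMS.items() if not present(c)]
    return {
        "saas_web": not missing_base,
        "virtual_apps_desktops": not missing_base and not missing_ad,
        "missing_ad": missing_ad,
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    okta_only = {"iss": "https://example.okta.com", "sub": "00u-constructed",
                 "aud": "client-id-placeholder", "exp": 1900000000}
    print(feed_readiness(decode_payload(make_sample_token(okta_only))))
```

A token from an Okta account that is not linked to Active Directory shows up as ready for SaaS and Web apps only, with `missing_ad` listing the attributes still to be mapped.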

This is for authorization. When users launch one of these resources, we must authenticate to the resource, which is often categorized as Single Sign-On.

  • SaaS applications: Utilize SAML-based authentication
  • Windows apps/desktops: Utilize the Federated Authentication Service, which is able to use the Active Directory-based claims within the Okta identity token to provide single sign-on to Citrix Virtual Apps and Desktops (a topic for a future blog)

Take a look at the setup and user experience.

Daniel (Follow on Twitter @djfeller)