Update to the latest cloud navigation.
As a result of increasing projects, here is a little how-to with the summary of my previous articles. The main points are:
- Azure AD Seamless Single Sign-On (PTA / PHS)
- SAML Authentication (Azure AD as IdP & Citrix Gateway as SP)
- Citrix Federated Authentication Service (FAS)
- Microsoft Azure Multi-Factor-Authentication with Conditional Access
Requirements
- Fully working Citrix Virtual Apps and Desktop Environment (StoreFront & DDC Minimum Version 7.9)
- NetScaler with successful base configuration & activated Enterprise or Platinum license (Minimum Version 12.1 Build 50+ for native workspace app, for browser Minimum Version 11.1)
- Configured Unified Gateway vServer
- Internal and external DNS entries for Unified Gateway vServer (e.g. citrix.deyda.net)
- Certificates for DNS entries (wildcard certificates are the easiest)
- Existing Azure Tenant with Azure-AD base configuration (Domain, AAD Sync) & activated Azure AD Premium license
- AD Connect version installed and configured (Minimum Version 1.1.644.0)
- Firewall release for *.msappproxy.net on port 443
- Domain administrator credentials for the domains that connected to Azure AD via AD Connect
- Installed Authenticator App on Test User Mobile Phone
