Overview This guide provides information for configuring Entra ID Single Sign-on (AAD SSO) for Citrix DaaS without the use of FAS and also getting a PRT – so there are no SSO problems with M365
Tag: AzureAD
NetScaler – How to get rid of SSO / missing PRT Issues using Entra ID Phone Sign-in
Overview You’re using Microsoft Entra ID (SAML or OAuth) as IdP for your OnPrem CVAD or DaaS Environment. Your default is to use Citrix FAS so the User-Logon to the VDA happens with a virtual
Microsoft Entra – Using Private Access to tunnel Citrix HDX Sessions and giving HDX Direct a Try
Overview Private Access, a Feature of Microsoft Entra’s Global Secure Access Suite, is a simple but powerful Security Service Edge (SSE) network solution for providing secure access to your Cloud / OnPrem Apps without VPN,
Citrix DaaS – Microsoft Entra ID B2B User Identity Logonmethods
Overview Recently my namesake Julian wrote a great Post about choosing the correct Machine Identity in a Virtual Desktop Infrastructure – which is very important. This post will cover the other Hand – choosing the
Citrix DaaS – Prevent Session takeover when using NetScaler as IdP followed by SAML
Overview A customer of mine recently came across a way to sign in to Cloud Workspace with any other user, provided you sign up before with some valid credentials – for example your own. The
Citrix DaaS – NetScaler as IdP with OAuth to Azure AD
Overview This is a Quickpost about a desired architecture with Citrix DaaS, where a NetScaler is acting as OAuth IdP (DaaS Workspace Authentication is set to Citrix Gateway or Adaptive Authentication) and is acting as
NetScaler – OAuth to Azure AD with login_hint Subject Field
Overview What’s the biggest difference when choosing SAML instead of OAuth as the protocol when using Azure AD as IdP for NetScaler when it comes to User Experience (UX)? You should consider this Question when
Citrix FAS – Azure AD CBA Single Sign-On (SSO) without a PRT
Overview With Azure AD’s certificate-based authentication (CBA) there is a way to get a Primary Refresh Token (PRT) inside the User’s Citrix Session. I’ve written about the details in Part1. As the most negative requirement
Citrix FAS – SID Lookup Mismatch with Citrix DaaS
Issue Recently I tried to set up a Citrix DaaS environment with OnPrem VDAs and FAS for a working Azure AD B2B scenario. Every B2B customer’s UPN suffix is created OnPrem with the matching Shadow Account.
Citrix FAS – Azure AD CBA with Primary Refresh Token (PRT)
Overview There are several discussions about the missing Primary Refresh Token (PRT) in the User’s Citrix Session when using SAML / OAuth with Azure AD and Citrix FAS – as using Smartcard to authenticate is