Created by Wendy Gay and Adam Skelly
Citrix Enterprise Browser has some very cool new features that are currently in tech preview with Citrix and we here at Citrixie.com couldn’t wait to share the updates.
We have multiple updates that we wanted to share:
- Simplified Single Sign On
- Citrix Enterprise Browser as you Work Browser
- Extension Management
- Mandatory Bookmarks
In today’s blog, we will focus on the Simplified Single Sign on feature and will delve into the other features in part two of this series
WhY Simplified SSO:
Single sign-on (SSO) is a popular feature for web and SaaS apps configured via Secure Private Access (SPA). However, configuring SSO for SAML-based web/SaaS apps, with third-party IdPs and is currently needs to be completed for each app being configured. This is a time consuming, and complicated process. Citrix docs details for IDP chaining.
https://docs.citrix.com/en-us/tech-zone/learn/tech-briefs/workspace-sso.html#sso-idp-chaining
This tech preview will help to reduce complexity for admins while still providing a seamless experience for end users.
Pre-requisites:
- EAR for Citrix Workspace App – https://www.citrix.com/downloads/workspace-app/betas-and-tech-previews/workspace-app-tp-for-wi
- A Citrix Cloud Tenant
- Tech Preview enabled – Podio Form – https://podio.com/webforms/27231328/2095940
- Same IDP for Citrix Workspace App and the Web or SaaS in question.
- Note: For CWA Android and iOS, this project changes the webview required for authentication to Android WebView and WKWebView respectively. These may have some limitations with other endpoint management configurations, and must be tested. The flexibility in SSO config ensures it can be turned OFF for a particular operating system if required
Configuration of IDP
For the purpose of testing this Tech Preview, the IDP configured is Azure AAD. The application used for testing Simplified SSO is Office 365 for simplicity.
Open Citrix Cloud Console, and navigate to authentication and ensure that Azure Active Directory is connected to Azure Active directory. https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-management/identity-access-management/connect-azure-ad.html

Ensure that the IDP configure for the tenant is Azure Active Directory

Configure Citrix Cloud via Powershell
Once you have completed the Podio form, you will receive files via email that will assist with the enablement of this feature using new powershell modules. Download and save the files

Save to C:\tools
import-module ./Citrix.Workspace.StoreConfigs

Set-WorkspaceCustomConfigurations -WorkspaceUrl https://Name.cloud.com -ClientId XXXXXXX -ClientSecret XXXXXXXXXX-IdpDomains @(‘login.microsoftonline.com’) -IOSWebViewType “wkwebview” -AndroidWebViewType “webview” -WindowsShareIdpSessions $true -MacShareIdpSessions $true -LinuxShareIdpSessions $true
- Workspace URL is your Cloud tenant URL
- Client ID – Citrix Cloud Client ID
- Secret ID – Citrix Cloud Secret ID
- idpdomains – IDP details
- Webview details – https://www.citrix.com/blogs/2022/03/03/a-new-mobile-saas-and-web-app-access-experience/
Secondary Application Configuration
In order to test functionality, the next step is to configure an SPA application.
Within the Citrix Console, open Secure Private Access

Click Add an application and choose the following settings

Now we click on the option to DO NOT USE SSO which is different to how we would have configured SSO in the past.

Click Next

Click Finish
Create an access policy, and assign it to your application. In this example, I have added security restrictions.

Now when I login to the Workspace app and my SaaS application I get SSO for a great user experience without any SAML configuration
Blog content was created by Wendy Gay and Adam Skelly