Simplified SSO to Saas Apps with Citrix Enterprise Browser – Part One

Created by Wendy Gay and Adam Skelly

Citrix Enterprise Browser has some very cool new features that are currently in tech preview with Citrix and we here at couldn’t wait to share the updates.

We have multiple updates that we wanted to share:

  • Simplified Single Sign On
  • Citrix Enterprise Browser as you Work Browser
  • Extension Management
  • Mandatory Bookmarks

In today’s blog, we will focus on the Simplified Single Sign on feature and will delve into the other features in part two of this series

WhY Simplified SSO:

Single sign-on (SSO) is a popular feature for web and SaaS apps configured via Secure Private Access (SPA). However, configuring SSO for SAML-based web/SaaS apps, with third-party IdPs and is currently needs to be completed for each app being configured. This is a time consuming, and complicated process. Citrix docs details for IDP chaining.

This tech preview will help to reduce complexity for admins while still providing a seamless experience for end users.


Configuration of IDP

For the purpose of testing this Tech Preview, the IDP configured is Azure AAD. The application used for testing Simplified SSO is Office 365 for simplicity.

Open Citrix Cloud Console, and navigate to authentication and ensure that Azure Active Directory is connected to Azure Active directory.

Ensure that the IDP configure for the tenant is Azure Active Directory

Configure Citrix Cloud via Powershell

Once you have completed the Podio form, you will receive files via email that will assist with the enablement of this feature using new powershell modules. Download and save the files

Save to C:\tools

import-module ./Citrix.Workspace.StoreConfigs

Set-WorkspaceCustomConfigurations -WorkspaceUrl -ClientId XXXXXXX -ClientSecret XXXXXXXXXX-IdpDomains @(‘’) -IOSWebViewType “wkwebview” -AndroidWebViewType “webview” -WindowsShareIdpSessions $true -MacShareIdpSessions $true -LinuxShareIdpSessions $true

Secondary Application Configuration

In order to test functionality, the next step is to configure an SPA application.

Within the Citrix Console, open Secure Private Access

Click Add an application and choose the following settings

Now we click on the option to DO NOT USE SSO which is different to how we would have configured SSO in the past.

Click Next

Click Finish

Create an access policy, and assign it to your application. In this example, I have added security restrictions.

Now when I login to the Workspace app and my SaaS application I get SSO for a great user experience without any SAML configuration

Blog content was created by Wendy Gay and Adam Skelly


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.