Citrix Cloud Gateway Service SSO to SaaS

One of the most exciting services that has come out from Citrix recently has been the integration of SSO to SaaS apps via the gateway service.

This is step one in providing SSO and secure access to multiple SaaS apps and actually controlling what a user can do when they’re in these apps depending on their location or device.

All feeding into an analytic engine so that policies can be applied and user access blocked if the user score reaches 5.

Let’s look at configuring your first SaaS app :

Gateway Service001

Connect to Citrix Cloud :

Select the Gateway tile

Select –> Manage

Gateway Service002

Select Single Sign On

Add a Web/SaaS App

Gateway Service003a


You are now presented with a pre populated list of the most popular apps which Citrix have provide some configuration to help you configure SSO.

We can also skip this section and enter your own URL as well.

I have picked G Suite here so you can pick whatever app you need.  We will see how to complete the loop and configure the G Suite later.

Select Next

Gateway Service004

You can change the name here if required but leave the rest as it is already pre populated.

Select Next

Gateway Service005

For now I have selected Next and not configured any of the policies.

We will return to this section in another blog bost, as this is really where the magic happens. Selecting options from this screen enables you to block access for the user for various things. Similar to what can be achieved in an ICA channel.

Block print, copy and paste , watermark the screen to stop picture taking and IP leakage.

Gateway Service006

Now we need to configure the SAML part so that the token passed to Google G Suite will know you are a secure user and are allowed access to the G Suite application.

There is also some configuration required on the G Suite platform as well so that that two way trust is complete.

Gateway Service007


Gateway Service008

When the app has been created access to it from a Citrix Cloud delivery needs to be configured.

Citrix have introduced a Library feature which controls all access to all the different services, the big advantage here is that we can now enable access to all the different services available from Citrix Cloud from one single location.

Select the Library

Gateway Service008a

Select the App you want to assign users to

Select the three dots

Gateway Service010

Select Manage Subscribers

Gateway Service011

Select the domain and search for the user you want to add.

When the user connects to the Work Space they now have access to the App G Suite.

Gateway Service012.png

This is only half of the puzzele as we have not yet configured the trust with G Suite.

Stay tuned For how to configure G Suite



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s