One of the most exciting services that has come out from Citrix recently has been the integration of SSO to SaaS apps via the gateway service.
This is step one in providing SSO and secure access to multiple SaaS apps and actually controlling what a user can do when they’re in these apps depending on their location or device.
All feeding into an analytic engine so that policies can be applied and user access blocked if the user score reaches 5.
Let’s look at configuring your first SaaS app :
Connect to Citrix Cloud :
Select the Gateway tile
Select –> Manage
Select Single Sign On
Add a Web/SaaS App
You are now presented with a pre populated list of the most popular apps which Citrix have provide some configuration to help you configure SSO.
We can also skip this section and enter your own URL as well.
I have picked G Suite here so you can pick whatever app you need. We will see how to complete the loop and configure the G Suite later.
You can change the name here if required but leave the rest as it is already pre populated.
For now I have selected Next and not configured any of the policies.
We will return to this section in another blog bost, as this is really where the magic happens. Selecting options from this screen enables you to block access for the user for various things. Similar to what can be achieved in an ICA channel.
Block print, copy and paste , watermark the screen to stop picture taking and IP leakage.
Now we need to configure the SAML part so that the token passed to Google G Suite will know you are a secure user and are allowed access to the G Suite application.
There is also some configuration required on the G Suite platform as well so that that two way trust is complete.
When the app has been created access to it from a Citrix Cloud delivery needs to be configured.
Citrix have introduced a Library feature which controls all access to all the different services, the big advantage here is that we can now enable access to all the different services available from Citrix Cloud from one single location.
Select the Library
Select the App you want to assign users to
Select the three dots
Select Manage Subscribers
Select the domain and search for the user you want to add.
When the user connects to the Work Space they now have access to the App G Suite.
This is only half of the puzzele as we have not yet configured the trust with G Suite.
Stay tuned For how to configure G Suite