Citrix

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Citrix using SAML.

About Citrix

Citrix is a brand of cloud computing. It provides server, app, and desktop virtualization, networking, software as a service (SaaS), and Desktop as a Service (DaaS). It also creates software that allows the individuals of an enterprise to work and collaborate remotely regardless of device or network.

After integrating Citrix with Oracle Identity Cloud Service:

  • Users can access Citrix using their Oracle Identity Cloud Service login credentials.
  • Users can start Citrix using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Citrix app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A Citrix account with user permission to configure SAML 2.0 federated authentication and to access the required apps from the given list (GoToWebinar, OpenVoice, GoToAssist, GoToMeeting, and GoToTraining).
  • Make sure that the email ID of each user in Citrix matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the Citrix App in Oracle Identity Cloud Service

Use this section to register and activate the Citrix app, and then assign users to the app.

Registering and Activating the Citrix App

  1. Access the Oracle Identity Cloud Service Administration console, select Applications, and then Add.

  2. Click App Catalog.

  3. Search for Citrix, and then click Add.

  4. Select the required Citrix apps, and then click Next.

  5. Click Download IDCS Certificate.

    Tip: You use this file later during the Citrix configuration in the "Configuring SSO for Citrix" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the Citrix App

  1. On the Citrix app page in Oracle Identity Cloud Service, select the Users tab, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to Citrix, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Citrix app is assigned to the users that you selected.

Configuring SSO for Citrix

  1. Access Citrix as an administrator at: https://login.citrixonline.com/login.

  2. Go to the SAML settings URL directly as the UI link for this section is not currently supported: https://login.citrixonline.com/saml/settings.html.

  3. To configure SAML authentication, select Configure manually, use the table to update the federated authentication attributes, and then click Save.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    Sign-out page URL Enter the Sign-out URL/SLO Endpoint:https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/slo
    Sign-in page URL Enter the Sign-in URL and SSO Endpoint:https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso
    Verification certificate Click Choose File, and then upload the certificate that you download during the Citrix registration in Oracle Identity Cloud Service.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Services My Profile console: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Citrix app. Oracle Identity Cloud Service displays a shortcut to Citrix GoToAssist, GoToMeeting, GoToTraining, GoToWebinar, and OpenVoice under My Apps, provided that you selected all apps during Registering and Activating the Citrix App process.

  3. Click Citrix GoToAssit. On the Citrix GoToAssist home page, confirm that the user that is logged in is the same for both Citrix and Oracle Identity Cloud Service. The user name appears in the GoToAssist banner on the right.

  4. Click Citrix GoToMeeting. On the Citrix GoToMeeting home page, confirm that the user that is logged in is the same for both Citrix and Oracle Identity Cloud Service. The user name appears in the upper-right corner of the Admin Center banner.

  5. Click Citrix GoToTraining. On the Citrix GoToTraining home page, if no training is assigned for this user, the app is re-directed to the My Account page. Confirm that the user logged in is the same as the one logged in to Oracle Identity Cloud Service. The user name appears in the Login Info and Personal Info tiles in the center of the page.

  6. Click Citrix GoToWebinar. On the Citrix GoToWebinar home page, if no webinar is assigned for this user, the app is re-directed to the My Account page. Confirm that the user logged in is the same as the one logged in to Oracle Identity Cloud Service. The user name appears in the Login Info and Personal Info tiles in the center of the page.

  7. Click Citrix OpenVoice. On the Citrix OpenVoice home page, if no audio conference is assigned for this user, the app is re-directed to the My Account page. Confirm that the user logged in is the same as the one logged in to Oracle Identity Cloud Service. The user name appears in the Login Info and Personal Info tiles in the center of the page.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Citrix displays the error message “account is not configured"

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Citrix.

Solution: Ensure that the user that you assign to the Citrix app has an account in both Oracle Identity Cloud Service and Citrix with the same email address.

Oracle Identity Cloud Service displays the error message “You are not authorized to access the SaaS Application. Contact your System administrator"

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Citrix app and Citrix is deactivated or the administrator has revoked the user's access to Citrix.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then Citrix.
  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Citrix app using Oracle Identity Cloud Service.

Solution 2: Access the Oracle Identity Cloud Service administration console, select Applications, Citrix, Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.