Citrix Cloud - SAML Relying Party Configuration - RSA Ready Implementation Guide
a year ago
Originally Published: 2023-03-21

This article describes how to integrate RSA with Citrix Cloud using SAML Relying Party.

   

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a Relying Party to Citrix Cloud

Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Click Authentication Clients > Relying Parties.
  3. On the My Relying Parties page, click Add a Relying Party
  4. On the Relying Party Catalog page, click Add for Service Provider SAML
  5. On the Basic Information page, enter a name for the Service Provider in the Name field.
  6. Click Next Step.
  7. On the Authentication page, choose SecurID Access manages all authentication.
  8. In the 2.0 Access Policy for Authentication drop-down list, select a policy that was previously configured and click Next Step.
  9. On the Connection Profile page, for Data Input Method, select Import Metadata
  10. Click Choose File to browse and select the Citrix Cloud SAML metadata file.
    This metadata file can be obtained from the Citrix Cloud console > SAML configuration page as mentioned in the Configure Citrix Cloud section.
  11. On the Connection Profile page, select Enter Manually.
  12. Scroll down to the Service Provider section and enter the following details:
    1. Import the metadata and verify that the ACS URL and Service Provider Entity ID are filled correctly.
      This metadata file can be obtained from the Citrix Cloud console.
  13. For Audience for SAML Response, proceed with the Default: Service Provider Entity ID option.
  14. For SAML Response Protection, choose IdP signs entire SAML response.
  15. Click Download Certificate and save the certificate.
    This certificate is required for SAML configuration in Citrix Cloud.
  16. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
  17. In the Statement Attributes section, enter the following attribute names and property values:
    1. Attribute Name: cip_email, Attribute Source: Identity Source, Property: mail
    2. Attribute Name: cip_oid, Attribute Source: Identity Source, Property: objectGUID
    3. Attribute Name: cip_sid, Attribute Source: Identity Source, Property: objectSid
    4. Attribute Name: cip_upn, Attribute Source: Identity Source, Property: userPrincipalName
  18. Scroll down to the Message Protection section and choose IdP signs entire SAML response.
  19. Click Save and Finish.
  20. Locate the application you created on the Relying Parties page and click Edit > Metadata > Download Metadata File.
  21. Click Publish Changes and wait for the operation to be completed.

    After publishing, your application is now enabled for SSO. 

    

Configure Citrix Cloud SSO

Perform these steps to integrate Citrix Cloud with RSA uisng Relying Party.
Procedure

  1. Sign in to Citrix Cloud at https://citrix.cloud.com.
  2. On the Citrix Cloud menu, click Identity and Access Management.

  3. On the Authentication tab, for SAML 2.0, select Connect. When prompted, enter a short, URL-friendly, identifier for your company and click Save and continue.

  4. On the Configure SAML page, enter the following:
    1. Entity ID: Enter the Identity Provider Entity ID from the metadata file downloaded from RSA Cloud Authentication Service.
    2. SSO Service Provider: Enter the SingleSignOnService URL from the metadata file.
    3. Binding Mechanism: Select HTTP POST.

    4. SAML Response: Select Must Sign Response.
    5. X.509 Certificate: Upload SecurID X.509 certificate downloaded in the previous section.
    6. Authentication Context: Set Authentication Context as Unspecified, Minimum.
    7. Logout URL: If required, specify the RSA Portal URL obtained in the previous section to redirect users to the application portal page on logout.

    8. Download the SAML Metadata file.
    9. Click Test and Finish.
  5. Perform the following steps to configure the Workspace Authentication method:
    1. On the Citrix Cloud menu, click Workspace Configuration.

    2. Click the Authentication tab and choose SAML 2.0.

The configuration is complete.

Return to Citrix Cloud - RSA Ready Implementation Guide

Related Articles

Trending Articles

Don't see what you're looking for?