Citrix had released conditional authentication profiles for users to authenticate to Citrix Cloud workspaces. This feature allows administrators to map the authentication profile to a policy which can be configured based on a workspace URL, AD group, or domain.
How will this be useful for companies?
While this is not suitable for all use cases, it is really helpful to deal with mergers and acquisitions, enable third-party users and contractors with a specific identity provider (IdP) which has more stringent policies compared to how corporate users access.
Authentication Profile Rules:
Authentication profiles can be created based on workspace URLs, AD groups, or domain. The conditional access policies can be combined to add more stringent conditions. In my point of view, this additional conditional authentication profile helps to strengthen the authentication by combining with Azure AD conditional access policies.
In the diagram below, contractors and corporate employees have been given two different workspace URLs, and an additional conditional authentication rule has been added to allow the contractor only if he is part of a specific AD group. Once the user authenticates to Azure AD, then we can add additional conditional access policies in Azure AD to further strengthen user access.
As the service is currently in a technical preview, Citrix has indicated that additional enhancements will be introduced to the conditional rules, such as permitting access only if the user belongs to a specific IP group. This enhancement will empower Citrix to further bolster the security of end-users accessing the Citrix environment through workspaces.
Top comments (0)