Okta Citrix Cloud

Posted on  by admin
  1. Citrix Cloud Gateway As Idp
  2. Okta Citrix Cloud Access
downloadWhy can't I download this file?Users may be unable to launch session when using OKTA authentication with following error:
You cannot access this session because you are not the brokered user.
In this scenario:
  • On-prem AD users where migrated to Azure ADDS
  • Individual users are specified to allow access to application
Refer section: Configure the Okta OIDC web application in this article - Step 4
https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-management/identity-access-management/okta-identity.html
  • Credential from Azure ADDS is used to logon at Citrix Cloud Workspace URL

Solution

Correct the SID in user's attribute at OKTA console, to match with the one which is used during Workspace URL logon.

Problem Cause

This could happen due to SID mis-match specified at OKTA console in individual user's SID attribute.
Additionally, you will see following error in DDC trace where DDC or Broker is unable to find or lookup the SID in Azure ADDS:
xxxxxxx,1,yyyy/mm/dd hh:mm:ss.xxxxx,xxxx,xxxx,x,BrokerDAL,1,Error,'AccountNameCache::TrySyncUniversalClaimsForAccount: ERROR SID:S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX not found using Identity API Exception:Citrix.Fma.Sdk.Identity.Interface.IdentityLookupFailureException: The lookup failed as the domain 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX' could not be located ---> Citrix.Fma.Sdk.Identity.Interface.IdentityNotFoundException: [customer id] Specified domain 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX' was not found in: [Name:domainname.com NetBiosName:domainname SID:S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX]
The Broker expects the user SID from Azure AADS and not the one from On-prem Active Directory

Citrix Cloud Gateway As Idp

Okta

Okta is an integrated identity management and mobility management service that securely and simply connects people to their applications from any device, anywhere, at anytime. Built from the ground up in the cloud, Okta is delivered with an unwavering commitment to customer success. Okta gives Enterprise IT teams the ability to dramatically improve the end-user experience, while achieving the management control necessary to accelerate the secure adoption of cloud and mobile technologies. The result is greater employee and partner productivity, increased revenue and supply chain efficiency, and improved compliance. Product development teams in digital businesses and cloud service providers can leverage the Okta platform to seamlessly authenticate, federate, manage and secure their users. The result is faster time to market for their apps and products, more rapid and secure enterprise adoption and improved developer productivity. The Okta service provides a deeply integrated experience across directory services, single sign-on, strong authentication, provisioning, mobility management, and reporting. It runs in the cloud on a secure, reliable, extensively audited platform and integrates with on premises applications, directories, and identity management systems.

Okta Citrix Cloud Access

For more information visit our website at: http://www.okta.com