{"id":719320,"date":"2025-12-10T09:25:27","date_gmt":"2025-12-10T14:25:27","guid":{"rendered":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/"},"modified":"2026-03-18T13:11:21","modified_gmt":"2026-03-18T17:11:21","slug":"189-inside-entra-id-sso-with-xentegra","status":"publish","type":"post","link":"https:\/\/xentegra.com\/fr\/resources\/189-inside-entra-id-sso-with-xentegra\/","title":{"rendered":"189: Inside Entra ID SSO with XenTegra"},"content":{"rendered":"<p><iframe loading=\"lazy\" style=\"width: 100%; height: 200px;\" src=\"https:\/\/www.buzzsprout.com\/670066\/episodes\/18330785-inside-entra-id-sso-with-xentegra?iframe=true\" width=\"100%\" height=\"200\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n\n\n\n<p><strong>Simplifying Citrix Authentication: What Entra ID SSO Means for Your Workspace Strategy<\/strong>\u00a0<\/p>\n\n\n\n<p>In the world of end-user computing, few things&nbsp;impact&nbsp;user experience and security posture as much as identity and access. For Citrix administrators juggling hybrid environments and growing authentication complexity, Microsoft&#8217;s Entra ID Single Sign-On (SSO) integration with Citrix is&nbsp;a game-changer.&nbsp;<\/p>\n\n\n\n<p>Announced in a recent Citrix blog and unpacked in depth by&nbsp;XenTegra\u2019s&nbsp;workspace experts, this update signals a meaningful shift toward&nbsp;passwordless&nbsp;authentication and identity simplification across Citrix sessions. But as with all modern IT advancements, it comes with prerequisites, limitations, and opportunities.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s&nbsp;what you need to know.&nbsp;<\/p>\n\n\n\n<p><strong>Why Entra ID SSO Matters for Citrix Environments<\/strong>&nbsp;<\/p>\n\n\n\n<p>For years, Citrix customers relying on modern identity providers like&nbsp;<strong>Microsoft Entra ID<\/strong>&nbsp;or&nbsp;<strong>Okta<\/strong>&nbsp;still had to&nbsp;maintain&nbsp;legacy components like&nbsp;<strong>Federated Authentication Service (FAS)<\/strong>&nbsp;to bridge gaps with on-prem&nbsp;<strong>Active Directory<\/strong>. This created a technical patchwork of SAML, Kerberos, and certificate services \u2014 all adding to operational overhead and security risk.&nbsp;<\/p>\n\n\n\n<p>With Entra ID SSO inside Citrix sessions, Microsoft and Citrix have closed that gap. Now, users can log into their Windows 11 endpoints using Entra ID and pass that same identity seamlessly through the&nbsp;<strong>Citrix Workspace App<\/strong>&nbsp;into their virtual apps and desktops \u2014 no FAS&nbsp;required.&nbsp;<\/p>\n\n\n\n<p>This brings us one step closer to&nbsp;<strong>passwordless&nbsp;authentication in Citrix<\/strong>, improving both user satisfaction and administrative efficiency.&nbsp;<\/p>\n\n\n\n<p><strong>What\u2019s New: The Role of Primary Refresh Tokens (PRT)<\/strong>&nbsp;<\/p>\n\n\n\n<p>One standout benefit of Entra ID SSO is support for&nbsp;<strong>Primary Refresh Tokens (PRTs)<\/strong>&nbsp;within the Citrix session. These tokens carry the user&#8217;s authentication state from the endpoint into the Citrix Virtual Delivery Agent (VDA) session, enabling secure access to Entra-integrated apps like:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft 365 (Word, Excel, PowerPoint)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OneDrive&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SharePoint&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Teams&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>With the PRT intact, users no longer face repeated MFA prompts or app re-authentication \u2014 the session is truly&nbsp;<strong>single sign-on<\/strong>&nbsp;from endpoint to cloud.&nbsp;<\/p>\n\n\n\n<p><strong>Key Technical Requirements and Limitations<\/strong>&nbsp;<\/p>\n\n\n\n<p>Before jumping into deployment,&nbsp;it&#8217;s&nbsp;critical to understand the prerequisites and current limitations of this new model.&nbsp;<\/p>\n\n\n\n<p><strong>\u2705 Supported:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Windows 11 VDAs<\/strong>&nbsp;only (no server OS support yet)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Citrix Workspace App<\/strong>&nbsp;(required&nbsp;for full pass-through)&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Citrix DAS<\/strong>&nbsp;et&nbsp;<strong>Citrix Cloud Gateway Service<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Entra ID-joined or hybrid-joined<\/strong>&nbsp;endpoints and workloads&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>\u274c Not Supported:<\/strong>&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>On-prem StoreFront deployments<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Active Directory domain-joined VDAs<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Citrix CVAD on-prem<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Adaptive authentication<\/strong>&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Auto Client Reconnect<\/strong>&nbsp;(a significant consideration for continuity)&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Also note: if users toggle between Workspace App and browser access, web logins may incur a&nbsp;<strong>30-second delay<\/strong>&nbsp;due to&nbsp;authentication&nbsp;fallbacks.&nbsp;<\/p>\n\n\n\n<p><strong>Strategic Benefits of Entra ID SSO<\/strong>&nbsp;<\/p>\n\n\n\n<p>Despite some early-stage limitations, the benefits of Entra ID SSO are tangible \u2014 especially for organizations fully invested in Microsoft 365 and modern identity infrastructure.&nbsp;<\/p>\n\n\n\n<p><strong>1. Reduced Technical Debt:<\/strong>&nbsp;No more managing FAS servers, certificate authorities, or custom SAML mappings.&nbsp;<br><strong>2. Improved User Experience:<\/strong>&nbsp;Faster logins, no MFA fatigue, fewer interruptions.&nbsp;<br><strong>3. Stronger Security Posture:<\/strong>&nbsp;Entra ID conditional access policies apply inside the Citrix session.&nbsp;<br><strong>4. Simplified Architecture:<\/strong>&nbsp;One identity across endpoint, Citrix session, and cloud apps.&nbsp;<\/p>\n\n\n\n<p><strong>Is Your Environment Ready?<\/strong>&nbsp;<\/p>\n\n\n\n<p>The value is clear, but this&nbsp;isn\u2019t&nbsp;a plug-and-play update. Organizations need to assess:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Are your VDAs running Windows 11 and version 2507 or later?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Are legacy apps compatible with Entra ID authentication?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Can your&nbsp;teams&nbsp;manage the PowerShell-heavy setup process?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Are your endpoint devices hybrid-joined or Entra-native?&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>It\u2019s&nbsp;also worth noting that this architecture will evolve. Support for&nbsp;<strong>FIDO2<\/strong>,&nbsp;<strong>Windows Hello for Business<\/strong>et&nbsp;<strong>server-based VDAs<\/strong>&nbsp;is expected in future iterations.&nbsp;<\/p>\n\n\n\n<p><strong>R\u00e9flexions finales<\/strong>&nbsp;<\/p>\n\n\n\n<p>Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0<strong>Citrix Entra ID SSO<\/strong>\u00a0represents\u00a0a major step toward modern, frictionless authentication \u2014 especially for organizations already deep into Entra ID and Windows 11.\u00a0<\/p>\n\n\n\n<p>For IT leaders and admins, the message is clear: the future is single sign-on, and the tools are already here to start making it real. Just be prepared for a thoughtful rollout.&nbsp;<\/p>\n\n\n\n<p>If your organization is ready to streamline access and reduce identity complexity,&nbsp;<strong>Entra ID SSO in Citrix<\/strong>&nbsp;is a solution worth exploring now \u2014 not later.&nbsp;<\/p>\n\n\n\n<p><strong>Want to dig deeper?<\/strong>&nbsp;<br>Check out the official&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID SSO for Citrix documentation<\/a>&nbsp;and reach out to&nbsp;XenTegra&nbsp;for expert guidance on making your transition smooth, secure, and successful.&nbsp;<\/p>\n\n\n\n<p>&nbsp;<\/p>\n\n\n\n<p><b>Podcast Description<\/b><\/p>\n\n\n\n<p>In Episode 189 of The Citrix Session, host Bill Sutton, Director of Modern Workspace at XenTegra, is joined by Solutions Architects Stuart Donaldson and Randy Price for a deep dive into one of the most significant updates in modern Citrix authentication.<\/p>\n\n\n\n<p>This episode unpacks Microsoft Entra ID Single Sign-On inside Citrix sessions and what it means for end users, admins, and the future of passwordless access. The team breaks down why FAS has become a layer of technical debt, how Entra ID SSO removes friction for users, and what prerequisites and limitations customers need to know before adopting it.<\/p>\n\n\n\n<p>Listeners will learn:<br>&nbsp;\u2022 How Entra ID SSO eliminates duplicate authentication inside Citrix sessions<br>&nbsp;\u2022 Why Primary Refresh Token support is a major win for M365 user experience<br>&nbsp;\u2022 What environments are supported and where FAS is still required<br>&nbsp;\u2022 Operational considerations like Windows 11 requirements, VDA versions, and the impact on Auto Client Reconnect<br>&nbsp;\u2022 Known issues, performance implications, and what to expect in future iterations<\/p>\n\n\n\n<p>If you support Citrix DAS, modern authentication, or hybrid identity environments, this episode gives you a practical, expert-level overview of what Entra ID SSO unlocks and why it matters.<\/p>\n\n\n\n<div class=\"transcript\">\n<p><!--block-->WEBVTT<\/p>\n<p>1<br>00:00:02.690 &#8211;&gt; 00:00:17.370<br>Bill Sutton: Hello, everyone, and welcome to Episode 189 of the Citrix session. I&#8217;m your host, Bill Sutton, the Director of Modern Workspace at Zentegra. I have a couple of other folks from Zentegra with me today. There are Solution Architects on the Modern Workspace team.<\/p>\n<p>2<br>00:00:17.440 &#8211;&gt; 00:00:29.930<br>Bill Sutton: I&#8217;ll answer them in the order I see\u2026 that I see their picture, so I&#8217;ll start with Stuart Donaldson. Stuart is on our team as a solutions architect. You want to just\u2026 just quickly introduce yourself, say hello, Stuart, so they know your voice?<\/p>\n<p>3<br>00:00:31.020 &#8211;&gt; 00:00:34.610<br>Stuart Donnelson: Oh, am I muted? No, I&#8217;m not muted. It would have made sense to be that one.<\/p>\n<p>4<br>00:00:35.040 &#8211;&gt; 00:00:41.309<br>Stuart Donnelson: Yeah, Stu Donaldson, I&#8217;m on the Enterprise Workspace team, and happy to be here today.<\/p>\n<p>5<br>00:00:42.060 &#8211;&gt; 00:00:50.420<br>Bill Sutton: Great, Stu, thanks. And also, we have with us Randy Price, who&#8217;s a long-time SA with Zentegra. Randy, you want to say hello?<\/p>\n<p>6<br>00:00:50.610 &#8211;&gt; 00:00:52.509<br>Randy.Price: Yeah, hey guys, it&#8217;s great to be here.<\/p>\n<p>7<br>00:00:53.180 &#8211;&gt; 00:01:10.450<br>Bill Sutton: Yep, great to have you. It&#8217;s been a while, guys. Like, 3 or 4 weeks, I think, we&#8217;ve been kind of off the grid because of, various\u2026 one or more of us being unavailable. This might be the last one this year, I don&#8217;t know, we might do one next week, I don&#8217;t know, but then,<\/p>\n<p>8<br>00:01:10.570 &#8211;&gt; 00:01:23.620<br>Bill Sutton: once we get into Christmas week and New Year&#8217;s week, I&#8217;m sure we won&#8217;t do anything. Those weeks will\u2026 those will be canceled, because nobody will be here. So, happy to be back today. Today, we&#8217;re gonna cover, a blog\u2026 a Citrix blog article.<\/p>\n<p>9<br>00:01:23.860 &#8211;&gt; 00:01:35.569<br>Bill Sutton: And I think I have shared, yes. It is entitled, One Identity, Every App Now Inside Citrix Sessions. That&#8217;s One Identity, Every App Now Inside Citrix Sessions.<\/p>\n<p>10<br>00:01:35.730 &#8211;&gt; 00:01:50.030<br>Bill Sutton: It&#8217;s written by Sean Bass, who, who is a senior exec at Citrix over the desktop group, I believe. His title has changed recently, but, he&#8217;s a really long-time EUC, EUC<\/p>\n<p>11<br>00:01:50.220 &#8211;&gt; 00:01:56.350<br>Bill Sutton: person. And is now\u2026 has been at Citrix for a couple of years now, I believe.<\/p>\n<p>12<br>00:01:56.800 &#8211;&gt; 00:02:03.909<br>Bill Sutton: So, overall, this article is really dealing with password simplicity,<\/p>\n<p>13<br>00:02:04.160 &#8211;&gt; 00:02:17.180<br>Bill Sutton: you know, the\u2026 over the years, various industry folks have talked about, we need to get the passwordless, we need to get the passwordless. There really hasn&#8217;t been much progress made in that regard for a number of reasons, and not the least of which is<\/p>\n<p>14<br>00:02:17.270 &#8211;&gt; 00:02:33.039<br>Bill Sutton: the dependence on traditional on-premises Active Directory, which of course was, I guess, what, Randy, that goes back to the NT days, probably, is where it first came out, or maybe it was Windows 2000 Server. I&#8217;m not sure which\u2026 which was first with Active Directory. It might have been Windows 2000 Server.<\/p>\n<p>15<br>00:02:33.040 &#8211;&gt; 00:02:34.390<br>Randy.Price: We&#8217;ll go to 2000, yeah.<\/p>\n<p>16<br>00:02:34.390 &#8211;&gt; 00:02:42.440<br>Bill Sutton: Yeah, nevertheless, the Active Directory environment, and that goes back, I mean, if you figure Windows 2000 was released in the year 2000,<\/p>\n<p>17<br>00:02:42.590 &#8211;&gt; 00:03:01.530<br>Bill Sutton: That&#8217;s 25 years worth of legacy development that we&#8217;re still living with. And so, of course, it&#8217;s always been a very solid authentication platform, but as we&#8217;ve moved, as the industry has moved to more modern authentication with things like Microsoft EntraID and other third-party, third-party IDP, or,<\/p>\n<p>18<br>00:03:01.780 &#8211;&gt; 00:03:13.870<br>Bill Sutton: IDP providers, like, for example, Okta is another example of an IDP. It&#8217;s complicated things a little bit, it&#8217;s made life easier for users in some ways, but where we&#8217;re dealing with<\/p>\n<p>19<br>00:03:13.920 &#8211;&gt; 00:03:25.680<br>Bill Sutton: part of the environment is running on AD, and part of the environment is running with Microsoft EntraID, things get a little\u2026 a little messy, to be kind, and to enable that kind of seamless access.<\/p>\n<p>20<br>00:03:25.800 &#8211;&gt; 00:03:32.750<br>Bill Sutton: from your endpoint all the way into a Citrix Virtual Apps, Citrix Virtual App or Citrix Virtual Desktop.<\/p>\n<p>21<br>00:03:32.810 &#8211;&gt; 00:03:37.990<br>Bill Sutton: And that&#8217;s really where the\u2026 where this\u2026 where the modern authentication platforms broke down.<\/p>\n<p>22<br>00:03:38.030 &#8211;&gt; 00:03:49.689<br>Bill Sutton: So, one of the\u2026 one of the ways of handling or addressing that, where you&#8217;re dealing with on-premises Active Directory and SAML federated authentication, or Microsoft EntraID, or Okta for that matter.<\/p>\n<p>23<br>00:03:49.720 &#8211;&gt; 00:03:59.470<br>Bill Sutton: You&#8217;ve had to stand up FAS. You want to talk a little bit about federated authentication services, Randy, and what that does, and what it brings to bear for the end user and the administrator?<\/p>\n<p>24<br>00:03:59.670 &#8211;&gt; 00:04:10.379<br>Randy.Price: Sure, sure. So, you know, to your point, right, if I&#8217;m using some external IDP and attempting to log into my Citrix VDA, right, through that session,<\/p>\n<p>25<br>00:04:10.510 &#8211;&gt; 00:04:26.089<br>Randy.Price: Traditionally, you know, on-prem employments, like you mentioned before, they don&#8217;t know how to interpret those, you know, SAML authentication, right? So, FAS is there to present a certificate, user-based certificate, user login. That is a separate service that you have to deploy.<\/p>\n<p>26<br>00:04:26.090 &#8211;&gt; 00:04:37.409<br>Randy.Price: Within the environment. It does require certificate services, right? And essentially, at login time, what happens is it&#8217;ll generate a user certificate and present that user certificate so you can have that seamless sign-in.<\/p>\n<p>27<br>00:04:37.410 &#8211;&gt; 00:04:45.990<br>Randy.Price: Versus, the user being prompted again, right? Because again, those, those workloads not being able to interpret, you know, SAML-based authentication, so\u2026<\/p>\n<p>28<br>00:04:46.010 &#8211;&gt; 00:04:49.099<br>Randy.Price: Yeah, that&#8217;s\u2026 At a high level, but yeah.<\/p>\n<p>29<br>00:04:49.380 &#8211;&gt; 00:05:04.020<br>Bill Sutton: Yeah, I mean, and that\u2026 of course, that involves the deployment of two FAS\u2026 at least two FAS servers for high availability, if you&#8217;re talking a small environment, as well as a Microsoft\u2026 well, I don&#8217;t think it&#8217;s limited to Microsoft anymore, but early\u2026 in the early FAS days.<\/p>\n<p>30<br>00:05:04.030 &#8211;&gt; 00:05:15.519<br>Bill Sutton: It was Microsoft Certificate Services or Microsoft PKI infrastructure. You had to have CA root servers and intermediate servers. I guess you didn&#8217;t have to have intermediate, maybe you did.<\/p>\n<p>31<br>00:05:15.600 &#8211;&gt; 00:05:24.009<br>Bill Sutton: That would\u2026 that FAS would reach out to and request the short-lived certificates for, and then use that to authenticate the user like a smart card, right?<\/p>\n<p>32<br>00:05:24.180 &#8211;&gt; 00:05:30.870<br>Randy.Price: Right, and you would typically deploy those, right, if you&#8217;re using Citrix DAS, you would need fast servers for each resource location.<\/p>\n<p>33<br>00:05:30.870 &#8211;&gt; 00:05:32.959<br>Bill Sutton: Yes, yes, good point.<\/p>\n<p>34<br>00:05:33.160 &#8211;&gt; 00:05:34.349<br>Bill Sutton: Very good point.<\/p>\n<p>35<br>00:05:34.530 &#8211;&gt; 00:05:53.099<br>Stuart Donnelson: To your point there, I mean, FAS introduced a workaround to the problem, but it also adds to the idea of technical debt. I mean, we&#8217;re just accruing it over and over and over again, whether it&#8217;s the requirements and complexity, it&#8217;s the fact that FAS is now a very<\/p>\n<p>36<br>00:05:53.210 &#8211;&gt; 00:05:54.050<br>Stuart Donnelson: Great.<\/p>\n<p>37<br>00:05:54.530 &#8211;&gt; 00:06:14.470<br>Stuart Donnelson: serious target for\u2026 for possible, exploitation, and then, you know, sometimes it just didn&#8217;t\u2026 it didn&#8217;t generate the certificate that it was supposed to. It just didn&#8217;t work. So, in my experience, it&#8217;s been very, reliable, but, you know, there is\u2026 there is a measure of technical debt that we&#8217;re accruing every time we add something like this in.<\/p>\n<p>38<br>00:06:15.280 &#8211;&gt; 00:06:28.399<br>Bill Sutton: Yep, and part of that technical debt is driven, like I said, by the need for Kerberos when you&#8217;re dealing with Active Directory, and the fact that most of these modern authentication platforms don&#8217;t leverage that.<\/p>\n<p>39<br>00:06:28.520 &#8211;&gt; 00:06:30.000<br>Bill Sutton: To my knowledge.<\/p>\n<p>40<br>00:06:30.100 &#8211;&gt; 00:06:35.580<br>Bill Sutton: So Citrix, in conjunction with Microsoft, decided it was time to close the gap.<\/p>\n<p>41<br>00:06:35.620 &#8211;&gt; 00:06:47.930<br>Bill Sutton: between modern authentication and, and the concept of FAS and other elements to provide workarounds. So they worked together to create Microsoft Entra ID SSO,<\/p>\n<p>42<br>00:06:47.930 &#8211;&gt; 00:07:03.289<br>Bill Sutton: So Microsoft IntraID SSO into the Citrix session. So, what this means to administrators and end users is, first of all, your VDAs, your workloads, have to be intra-ID or intra-hybrid ID joined.<\/p>\n<p>43<br>00:07:03.390 &#8211;&gt; 00:07:08.380<br>Bill Sutton: They also have to be Windows 11 workloads. No server workloads at this point.<\/p>\n<p>44<br>00:07:08.420 &#8211;&gt; 00:07:24.670<br>Bill Sutton: If you want server workloads, you&#8217;re still going to have to leverage something like FAS to enable SSO. And then you&#8217;ve got to configure your intra\u2026 your Active Director\u2026 or your, I&#8217;m sorry, your Entra ID, environment such that it knows to talk to the\u2026<\/p>\n<p>45<br>00:07:25.160 &#8211;&gt; 00:07:38.069<br>Bill Sutton: through the Citrix provider in order to get the types of authentication that are needed to enable access to the VDAs, or the workloads. So, the idea here is the user logs in from a laptop using EntraID,<\/p>\n<p>46<br>00:07:38.070 &#8211;&gt; 00:07:46.850<br>Bill Sutton: just like they do every day. I do it every day. They authenticate, and they log in, and then they launch a published app, or they launch their desktop, their published<\/p>\n<p>47<br>00:07:46.850 &#8211;&gt; 00:07:49.169<br>Bill Sutton: virtual desktop, through\u2026<\/p>\n<p>48<br>00:07:49.170 &#8211;&gt; 00:08:08.390<br>Bill Sutton: a, through the Workspace app. Today, the Workspace app is the primary\u2026 it&#8217;s the recommended method of accessing for this. There is a way you can get there via the web, but you have to have a plugin. The Microsoft SSO plugin has to be installed in the browser in order for this to work all the way through. So, again, I&#8217;ll back up.<\/p>\n<p>49<br>00:08:08.490 &#8211;&gt; 00:08:18.640<br>Bill Sutton: They need to be intra-ID joined, needs to be Windows 11, and I&#8217;m talking about the virtual desktops for the virtual apps. Obviously, the workstation needs to be intra-ID joined or hybrid joined.<\/p>\n<p>50<br>00:08:18.640 &#8211;&gt; 00:08:30.500<br>Bill Sutton: So the point is, you log in with your Entry ID credential to the laptop. When you launch your Centric session, it passes that credential all the way through to the end of the Centric session, and you&#8217;re logged in seamlessly.<\/p>\n<p>51<br>00:08:30.500 &#8211;&gt; 00:08:37.629<br>Bill Sutton: without having to be prompt\u2026 without being prompt for any additional authentication or any\u2026 any additional, IDs, no more\u2026<\/p>\n<p>52<br>00:08:37.630 &#8211;&gt; 00:08:55.740<br>Bill Sutton: no second MFA, you&#8217;re\u2026 all of that is preserved through the connection to the Citrix environment. There is no FAS in this architecture, as long as you follow the prerequisites and everything. But one key thing about this that it does preserve, that FAS\u2026 you might say to yourself, well.<\/p>\n<p>53<br>00:08:56.010 &#8211;&gt; 00:09:04.230<br>Bill Sutton: FAS could do this. So, what does this bring me that FAS doesn&#8217;t? And what it brings you is something called the Primary Refresh Token, or the PRT.<\/p>\n<p>54<br>00:09:04.280 &#8211;&gt; 00:09:20.719<br>Bill Sutton: Which is a\u2026 was a relatively new part of the EntraID framework, and essentially what that allows you to do is take that authentication token, and I&#8217;m probably technically talking\u2026 saying this wrong, so I&#8217;ll apologize. If somebody wants to call me out, that&#8217;s fine, but essentially the PRT<\/p>\n<p>55<br>00:09:20.800 &#8211;&gt; 00:09:33.810<br>Bill Sutton: details get passed into the virtual desktop session, where they can be used for authentication to things like Microsoft 365 apps, OneDrive, all of that stuff that, that<\/p>\n<p>56<br>00:09:34.110 &#8211;&gt; 00:09:40.380<br>Bill Sutton: you would otherwise likely be required to authenticate to directly. Am I saying that right, Randy and Stu?<\/p>\n<p>57<br>00:09:41.000 &#8211;&gt; 00:09:41.550<br>Randy.Price: Yes, yeah.<\/p>\n<p>58<br>00:09:41.550 &#8211;&gt; 00:09:42.470<br>Bill Sutton: more or less.<\/p>\n<p>59<br>00:09:42.800 &#8211;&gt; 00:09:43.120<br>Stuart Donnelson: Yep.<\/p>\n<p>60<br>00:09:43.120 &#8211;&gt; 00:09:44.490<br>Randy.Price: Yeah, more or less, that&#8217;s correct, yep.<\/p>\n<p>61<br>00:09:45.100 &#8211;&gt; 00:09:50.870<br>Bill Sutton: Yeah. So, that&#8217;s what this really boils down to, is, you don&#8217;t have to\u2026<\/p>\n<p>62<br>00:09:51.080 &#8211;&gt; 00:10:00.899<br>Bill Sutton: you know, replicate policies or manage different identity layers. The user authenticates once, and their security posture stays with them. No more double MFA, things of that nature.<\/p>\n<p>63<br>00:10:01.180 &#8211;&gt; 00:10:05.780<br>Bill Sutton: And you get one sign-in, one sign-on, and end-to-end.<\/p>\n<p>64<br>00:10:05.880 &#8211;&gt; 00:10:14.120<br>Bill Sutton: They&#8217;re not adding anything, there is no\u2026 there is no, federation, or no, FAS, Federated Authentication Services.<\/p>\n<p>65<br>00:10:14.210 &#8211;&gt; 00:10:26.979<br>Bill Sutton: So why this really matters is, again, you get one identity source across your local machine, the cloud, your virtual desktop. It eliminates the need for duplicate identity providers.<\/p>\n<p>66<br>00:10:26.980 &#8211;&gt; 00:10:36.009<br>Bill Sutton: or plugins, SSO-type plugins. It preserves the authentication information to enable the passing of the data that&#8217;s needed for the PRT.<\/p>\n<p>67<br>00:10:37.310 &#8211;&gt; 00:10:51.089<br>Bill Sutton: You get full conditional access capabilities, both at the endpoint and inside the Citrix session, and it&#8217;s\u2026 it&#8217;s a move to get us to passwordless. I read a couple of articles relative to this,<\/p>\n<p>68<br>00:10:51.270 &#8211;&gt; 00:10:52.950<br>Bill Sutton: That indicated that<\/p>\n<p>69<br>00:10:53.000 &#8211;&gt; 00:11:06.679<br>Bill Sutton: there\u2026 that some passwordless authentication may work for this, either now or in the future, like Hello for Business. I think there&#8217;s still some development to be done there, as well as FIDO\u2026 FIDO\u2026 what is it, FIDO2 authentication.<\/p>\n<p>70<br>00:11:06.680 &#8211;&gt; 00:11:18.140<br>Bill Sutton: Using something like a YubiKey, those things are coming. Today, if you enter a username and password via ENTRA, and then you&#8217;re prompted for your MFA, you&#8217;re gonna get in all the way through.<\/p>\n<p>71<br>00:11:20.160 &#8211;&gt; 00:11:31.249<br>Bill Sutton: So, we&#8217;re 18 minutes in, guys, and that&#8217;s really the blog article, but I wanted to get your thoughts. Anything you might want to add to what we&#8217;ve talked about? Anything I missed, or left out, or was wrong about?<\/p>\n<p>72<br>00:11:32.570 &#8211;&gt; 00:11:34.189<br>Randy.Price: Yeah, go ahead, Stu, I&#8217;ll let you go first.<\/p>\n<p>73<br>00:11:35.790 &#8211;&gt; 00:11:55.329<br>Stuart Donnelson: This is another one of those issues worth the squeeze kind of questions right now, because there is a operational cost for\u2026 for moving in this direction, right? We still, you know, if we get seamless SSO, we get those zero-trust security, kind of, methodologies, we get the architectural simplification without needing FAS and whatnot.<\/p>\n<p>74<br>00:11:55.330 &#8211;&gt; 00:11:56.320<br>Bill Sutton: But we&#8217;re\u2026<\/p>\n<p>75<br>00:11:56.320 &#8211;&gt; 00:12:14.119<br>Stuart Donnelson: forced to upgrade to a version of Windows 11 that supports it, so your organization better be ready for 24H2, and that new VDA 2507. Beyond that, we have to make sure that our legacy apps are, are ready to work in this realm. So, and then\u2026<\/p>\n<p>76<br>00:12:14.330 &#8211;&gt; 00:12:20.619<br>Stuart Donnelson: correct me if I&#8217;m wrong, guys, but I believe Auto Client Reconnect is also lost in this process, because.<\/p>\n<p>77<br>00:12:20.620 &#8211;&gt; 00:12:27.270<br>Bill Sutton: It is. Yeah, session\u2026 that&#8217;s a good point. Session reliability remains, but Auto Client Reconnect, you&#8217;re right, is gone.<\/p>\n<p>78<br>00:12:28.430 &#8211;&gt; 00:12:44.120<br>Stuart Donnelson: And that even\u2026 that even goes towards if you lock\u2026 if somebody locks the session, right? I mean, at that point, you need something like a disconnect on log off, or you&#8217;re gonna have a lot of confused people who can&#8217;t get\u2026 they don&#8217;t even have the option to put a password in, they don&#8217;t know it, right? So\u2026<\/p>\n<p>79<br>00:12:44.430 &#8211;&gt; 00:12:58.749<br>Bill Sutton: Yeah, it does say here, Auto Client Reconnect is not supported when intra-ID, single ID session. The feature is automatically disabled when you use this method. Session reliability is still available for automatic reconnection in case you have, like, a network disruption.<\/p>\n<p>80<br>00:12:59.150 &#8211;&gt; 00:13:18.110<br>Bill Sutton: And to your point, Stu, I would encourage listeners to do a Google search for EntraID single sign-on with Citrix. It&#8217;ll take you to a\u2026 the documentation, and there&#8217;s a lot of things in here that go over some of the considerations to have when you&#8217;re deploying this, as well as a detailed walkthrough of how to configure it.<\/p>\n<p>81<br>00:13:18.110 &#8211;&gt; 00:13:23.700<br>Bill Sutton: And it&#8217;s not for the faint of heart. It&#8217;s a good solution, but it&#8217;s not for the faint of heart at this point. There&#8217;s a lot of,<\/p>\n<p>82<br>00:13:23.720 &#8211;&gt; 00:13:33.759<br>Bill Sutton: a lot of, scripting that needs to be done to get things, and I&#8217;m sure you can do some of the scripting through the GUI, but it looks like they&#8217;ve mostly focused on,<\/p>\n<p>83<br>00:13:34.180 &#8211;&gt; 00:13:39.469<br>Bill Sutton: PowerShell scripting to, to get the configuration put in place. Randy, were you gonna say some things?<\/p>\n<p>84<br>00:13:39.860 &#8211;&gt; 00:13:56.579<br>Randy.Price: No, I think you guys hit it on the head, right? And the biggest thing, like you mentioned before, we start talking around how we handle this, you know, traditionally FAS versus, you know, this method. It really comes down to, you know, those VDAs. Are they AD domain joined? Are they intra-ID domain joined?<\/p>\n<p>85<br>00:13:56.640 &#8211;&gt; 00:14:08.760<br>Randy.Price: Right. So, you know, if it&#8217;s AD domain joined, this is not going to apply to you. If you&#8217;re using Storefront, right, this is not going to apply to you. This is really, truly just Citrix DAS using Citrix Workspace. And again.<\/p>\n<p>86<br>00:14:08.760 &#8211;&gt; 00:14:19.210<br>Randy.Price: Workspace app is a requirement, they list here as well. They actually mention in one of their known issues that if you enable this, and you have users that use both<\/p>\n<p>87<br>00:14:19.510 &#8211;&gt; 00:14:27.760<br>Randy.Price: Citrix Workspace app and the web browser, then logging in through the web browser, they could see a 30-second delay, right, during the application period.<\/p>\n<p>88<br>00:14:27.760 &#8211;&gt; 00:14:28.280<br>Bill Sutton: Yay.<\/p>\n<p>89<br>00:14:28.610 &#8211;&gt; 00:14:38.109<br>Randy.Price: Yeah, so\u2026 because it&#8217;s going to attempt first, and so there&#8217;s going to be a 30-second delay. So that&#8217;s one thing to call out, you know, because we are all con\u2026 you know, we all think about login times, how does it affect the end users?<\/p>\n<p>90<br>00:14:38.170 &#8211;&gt; 00:14:51.399<br>Randy.Price: So if your users are using a mixed method of how they&#8217;re accessing their apps or desktops, just be aware of that, that if all users aren&#8217;t using Citrix Workspace app, they could incur that 30-second delay, so that&#8217;s something to be aware of as well.<\/p>\n<p>91<br>00:14:51.400 &#8211;&gt; 00:14:53.920<br>Bill Sutton: Very good point. Yep, I must have missed that, or not.<\/p>\n<p>92<br>00:14:53.920 &#8211;&gt; 00:15:06.180<br>Randy.Price: Yeah, it&#8217;s down at the bottom. If you go scroll down under known issues, they list a couple of things just to be aware of. I like to typically look through that. It&#8217;s towards the bottom of this article. Yeah, scroll up a little bit, you&#8217;ll see it. Keep going up a little bit.<\/p>\n<p>93<br>00:15:06.180 &#8211;&gt; 00:15:06.820<br>Bill Sutton: Oh, there it is.<\/p>\n<p>94<br>00:15:08.170 &#8211;&gt; 00:15:12.859<br>Randy.Price: So, just something to, you know, be considerate of as well, especially, you know, like I said.<\/p>\n<p>95<br>00:15:13.140 &#8211;&gt; 00:15:23.630<br>Randy.Price: Logging times seem to be the bane of every Citrix admin, right? Trying to\u2026 trying to decrease those, so we don&#8217;t want to do anything necessarily to increase those without understanding that, so\u2026<\/p>\n<p>96<br>00:15:24.250 &#8211;&gt; 00:15:40.549<br>Bill Sutton: Yeah, and there&#8217;s a couple of tables at the beginning of the\u2026 I&#8217;ll post the\u2026 I&#8217;ll make sure that I post a link to this in the show notes, so, listeners can get directly to it. There&#8217;s a couple of tables in here that deal with, what&#8217;s supported, and like you said, Randy, it&#8217;s pretty much, DAS and Workspace.<\/p>\n<p>97<br>00:15:41.600 &#8211;&gt; 00:15:46.950<br>Bill Sutton: and obviously the gateway Service and Netscaler, but CVET on-prem is not.<\/p>\n<p>98<br>00:15:46.950 &#8211;&gt; 00:15:49.000<br>Randy.Price: Right. You notice it, even though it&#8217;s not.<\/p>\n<p>99<br>00:15:49.000 &#8211;&gt; 00:15:51.730<br>Bill Sutton: Not to say that it won&#8217;t be at some point, but it&#8217;s not now.<\/p>\n<p>100<br>00:15:51.730 &#8211;&gt; 00:15:57.460<br>Randy.Price: Right, and even on the supported identity providers, if you notice, adaptive authentication is not supported, right? So\u2026<\/p>\n<p>101<br>00:15:57.460 &#8211;&gt; 00:15:58.240<br>Bill Sutton : Oui.<\/p>\n<p>102<br>00:15:58.240 &#8211;&gt; 00:16:04.620<br>Randy.Price: That&#8217;s something to be aware of as well, and, you know, probably understand the reason behind that, but still, it&#8217;s something to be aware of, so\u2026<\/p>\n<p>103<br>00:16:04.620 &#8211;&gt; 00:16:20.219<br>Bill Sutton: An important point, as well, is this is, even though I mentioned Okta before, this is only Intra ID SSO with Citrix. Only Intra. And that&#8217;s largely because Microsoft and Citrix worked together to get this to the point where they could\u2026 they could configure it to work.<\/p>\n<p>104<br>00:16:20.290 &#8211;&gt; 00:16:37.969<br>Bill Sutton: the way we&#8217;ve described. I expect this is, you know, this is the first release of this. I expect we&#8217;ll see this evolve over time, like we do with all things like this, but this is a really good start. And for those customers that are really solidly in the intra-ID camp, and they&#8217;re using Workspace App with Windows 11,<\/p>\n<p>105<br>00:16:38.170 &#8211;&gt; 00:16:45.860<br>Bill Sutton: This could be a good solution for them to\u2026 to kind of reduce some of the friction of the login experience for their users.<\/p>\n<p>106<br>00:16:46.110 &#8211;&gt; 00:16:46.710<br>Randy.Price: Boop.<\/p>\n<p>107<br>00:16:46.950 &#8211;&gt; 00:16:47.780<br>Randy.Price: Grief.<\/p>\n<p>108<br>00:16:47.990 &#8211;&gt; 00:16:54.380<br>Bill Sutton: All right, that&#8217;s all we had. That&#8217;s all we had for today. Any other fi\u2026 any final thoughts, guys, you want to convey before we adjourn?<\/p>\n<p>109<br>00:16:55.050 &#8211;&gt; 00:16:55.899<br>Randy.Price: No, I&#8217;m good.<\/p>\n<p>110<br>00:16:56.420 &#8211;&gt; 00:17:03.130<br>Bill Sutton: Okay. Well, I&#8217;ll just say that what I&#8217;ve always said when I\u2026 whenever we run into new features like this, that Citrix continues to iterate.<\/p>\n<p>111<br>00:17:03.130 &#8211;&gt; 00:17:17.999<br>Bill Sutton: They&#8217;re not\u2026 they&#8217;re not, sitting back on their laurels. They are continuing to\u2026 to, innovate in the\u2026 in the\u2026 in their products and add new features and functionality to respond to user requests. So, it&#8217;s just another example of that.<\/p>\n<p>112<br>00:17:18.030 &#8211;&gt; 00:17:22.020<br>Bill Sutton: Which is obviously a good thing to keep the technology moving forward.<\/p>\n<p>113<br>00:17:22.579 &#8211;&gt; 00:17:27.690<br>Bill Sutton: All right, guys, thank you all for, joining today. Hopefully we&#8217;ll see you again next week.<\/p>\n<p>114<br>00:17:28.119 &#8211;&gt; 00:17:28.759<br>Stuart Donnelson: here.<\/p>\n<p>115<br>00:17:28.760 &#8211;&gt; 00:17:29.490<br>Randy.Price: Thank you guys.<\/p>\n<p>&nbsp;<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Simplifying Citrix Authentication: What Entra ID SSO Means for Your Workspace Strategy\u00a0 In the world of end-user computing, few things&nbsp;impact&nbsp;user experience and security posture as much as identity and access. &hellip;<\/p>","protected":false},"author":7,"featured_media":65995,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"footnotes":""},"categories":[5],"tags":[8,12,14,210],"class_list":["post-719320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcast","tag-citrix","tag-digital-workspace","tag-microsoft","tag-sso"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>189: Inside Entra ID SSO with XenTegra - XenTegra<\/title>\n<meta name=\"description\" content=\"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xentegra.com\/fr\/resources\/189-inside-entra-id-sso-with-xentegra\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"189: Inside Entra ID SSO with XenTegra - XenTegra\" \/>\n<meta property=\"og:description\" content=\"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xentegra.com\/fr\/resources\/189-inside-entra-id-sso-with-xentegra\/\" \/>\n<meta property=\"og:site_name\" content=\"XenTegra\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XenTegra\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-10T14:25:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-18T17:11:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1100\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chase Newmyer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xentegra\" \/>\n<meta name=\"twitter:site\" content=\"@xentegra\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chase Newmyer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"20 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/\"},\"author\":{\"name\":\"Chase Newmyer\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/person\\\/84736408f096bfd92b80305aea8846a7\"},\"headline\":\"189: Inside Entra ID SSO with XenTegra\",\"datePublished\":\"2025-12-10T14:25:27+00:00\",\"dateModified\":\"2026-03-18T17:11:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/\"},\"wordCount\":4635,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"keywords\":[\"Citrix\",\"Digital Workspace\",\"Microsoft\",\"SSO\"],\"articleSection\":[\"Podcast\"],\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/\",\"url\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/\",\"name\":\"189: Inside Entra ID SSO with XenTegra - XenTegra\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"datePublished\":\"2025-12-10T14:25:27+00:00\",\"dateModified\":\"2026-03-18T17:11:21+00:00\",\"description\":\"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"contentUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/Citrix-Session.png\",\"width\":1100,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/resources\\\/189-inside-entra-id-sso-with-xentegra\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xentegra.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"189: Inside Entra ID SSO with XenTegra\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#website\",\"url\":\"https:\\\/\\\/xentegra.com\\\/\",\"name\":\"XenTegra\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xentegra.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#organization\",\"name\":\"XenTegra\",\"url\":\"https:\\\/\\\/xentegra.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/1519903807641-min.jpg\",\"contentUrl\":\"https:\\\/\\\/xentegra.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/1519903807641-min.jpg\",\"width\":200,\"height\":200,\"caption\":\"XenTegra\"},\"image\":{\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XenTegra\\\/\",\"https:\\\/\\\/x.com\\\/xentegra\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/xentegra-llc\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xentegra.com\\\/#\\\/schema\\\/person\\\/84736408f096bfd92b80305aea8846a7\",\"name\":\"Chase Newmyer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g\",\"caption\":\"Chase Newmyer\"},\"url\":\"https:\\\/\\\/xentegra.com\\\/fr\\\/resources\\\/author\\\/chasenewmyer\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"189: Inside Entra ID SSO with XenTegra - XenTegra","description":"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xentegra.com\/fr\/resources\/189-inside-entra-id-sso-with-xentegra\/","og_locale":"fr_CA","og_type":"article","og_title":"189: Inside Entra ID SSO with XenTegra - XenTegra","og_description":"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.","og_url":"https:\/\/xentegra.com\/fr\/resources\/189-inside-entra-id-sso-with-xentegra\/","og_site_name":"XenTegra","article_publisher":"https:\/\/www.facebook.com\/XenTegra\/","article_published_time":"2025-12-10T14:25:27+00:00","article_modified_time":"2026-03-18T17:11:21+00:00","og_image":[{"width":1100,"height":600,"url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","type":"image\/png"}],"author":"Chase Newmyer","twitter_card":"summary_large_image","twitter_creator":"@xentegra","twitter_site":"@xentegra","twitter_misc":{"\u00c9crit par":"Chase Newmyer","Estimation du temps de lecture":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#article","isPartOf":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/"},"author":{"name":"Chase Newmyer","@id":"https:\/\/xentegra.com\/#\/schema\/person\/84736408f096bfd92b80305aea8846a7"},"headline":"189: Inside Entra ID SSO with XenTegra","datePublished":"2025-12-10T14:25:27+00:00","dateModified":"2026-03-18T17:11:21+00:00","mainEntityOfPage":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/"},"wordCount":4635,"commentCount":0,"publisher":{"@id":"https:\/\/xentegra.com\/#organization"},"image":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#primaryimage"},"thumbnailUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","keywords":["Citrix","Digital Workspace","Microsoft","SSO"],"articleSection":["Podcast"],"inLanguage":"fr-CA","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/","url":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/","name":"189: Inside Entra ID SSO with XenTegra - XenTegra","isPartOf":{"@id":"https:\/\/xentegra.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#primaryimage"},"image":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#primaryimage"},"thumbnailUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","datePublished":"2025-12-10T14:25:27+00:00","dateModified":"2026-03-18T17:11:21+00:00","description":"Citrix and Microsoft continue to align their platforms in a way that simplifies identity and improves secure access.\u00a0Citrix Entra ID SSO\u00a0represents\u00a0a major step.","breadcrumb":{"@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/"]}]},{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#primaryimage","url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","contentUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2024\/03\/Citrix-Session.png","width":1100,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/xentegra.com\/resources\/189-inside-entra-id-sso-with-xentegra\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xentegra.com\/"},{"@type":"ListItem","position":2,"name":"189: Inside Entra ID SSO with XenTegra"}]},{"@type":"WebSite","@id":"https:\/\/xentegra.com\/#website","url":"https:\/\/xentegra.com\/","name":"XenTegra","description":"","publisher":{"@id":"https:\/\/xentegra.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xentegra.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-CA"},{"@type":"Organization","@id":"https:\/\/xentegra.com\/#organization","name":"XenTegra","url":"https:\/\/xentegra.com\/","logo":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/xentegra.com\/#\/schema\/logo\/image\/","url":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2023\/06\/1519903807641-min.jpg","contentUrl":"https:\/\/eadn-wc05-13529174.nxedge.io\/wp-content\/uploads\/2023\/06\/1519903807641-min.jpg","width":200,"height":200,"caption":"XenTegra"},"image":{"@id":"https:\/\/xentegra.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XenTegra\/","https:\/\/x.com\/xentegra","https:\/\/www.linkedin.com\/company\/xentegra-llc"]},{"@type":"Person","@id":"https:\/\/xentegra.com\/#\/schema\/person\/84736408f096bfd92b80305aea8846a7","name":"Chase Newmyer","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d46cd44f0bd433dc5a386cbac549c62fd92266e3951669c705b347be2130cca3?s=96&d=mm&r=g","caption":"Chase Newmyer"},"url":"https:\/\/xentegra.com\/fr\/resources\/author\/chasenewmyer\/"}]}},"_links":{"self":[{"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/posts\/719320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/comments?post=719320"}],"version-history":[{"count":3,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/posts\/719320\/revisions"}],"predecessor-version":[{"id":719910,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/posts\/719320\/revisions\/719910"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/media\/65995"}],"wp:attachment":[{"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/media?parent=719320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/categories?post=719320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xentegra.com\/fr\/wp-json\/wp\/v2\/tags?post=719320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}