Citrix is pleased to announce a preview to support Citrix adaptive access to Citrix Workspace. With this preview, IT admins can enable adaptive access to Citrix Virtual Apps and Desktops accessed through Citrix Workspace based on network location, the public IP address from which a user tries to access Citrix Workspace.
With this adaptive access, based on network location, IT admins can control:
- Which apps or desktops users can access based on their location (enumerate selective applications).
- How users interact with an app or desktop (user access filters). Admins can enable/disable clipboard access, USB drive mapping, and printer access for users not on the corporate network.
Citrix Virtual Apps and Desktops service customers using Citrix Workspace can implement location-based adaptive access independent of the authentication method. If you are interested in trying this, please use this link to Citrix adaptive access so sign up here
In this blog post we will provide you insights on configuration of network-based adaptive access for a user who works from home and a branch office.
Please note, we recommend trying this in a test/dev (non-production) environment. If a test/dev account is not available, create a test delivery group with limited number of users.
Plan the adaptive access policy per your requirements: Create delivery groups for each type of user location and assign the applications and user access filters to each delivery group. Here’s an example
|Delivery Group||Applications and Desktop||Access||Network Type|
|Deliverygroup_Remote||Chrome, Teams, Outlook, Word, Excel||No clipboard access, no download access||External|
Configure the network locations: Network locations are IP address ranges of your user locations. Define the network locations from which the users should have more privileged access rather than defining all the networks.
Configure Adaptive Access Policy for Citrix Virtual Apps and Desktops: For each delivery group add the location tags as filters in the access policies, as shown below. Applications in this delivery group are enumerated to users only when they log in from a public IP address range the location tag is part of.