This message was deleted.

Adaptive access may be your go-to here. Use this a model, but the idea here is to set the access control and deny a tag to a group of users. The link, is showing vGPU settings but ignore that and use it to guide you on what you need. @Balint Oberrauch blog too! https://oberrauch.bz.it/2023/10/10/ctx-daas-and-vgpu-experiences-from-the-field/

Thank you @Ray Davis. @Daniel Viklund you can use Adaptive access for this scenario!

@Balint Oberrauch anytime man

@Balint Oberrauch thanks, had a look and that was too expensive.

It comes at zero costs and has to be enabled via CTX Support.. https://docs.citrix.com/en-us/citrix-daas/manage-deployment/adaptive-access/adaptive-access-based-on-users-network-location.html

Thanks, I got it mixed up with Adapative Authentication which cost $2+ usd per user. But from the documenation, this looks like its only configurable from user network location. I would like to block access from users that are member of certain groups only.

you could create a Conditional Access Policy - depending on your authentication flow

I wish, we have AD + Token, as we are using the CSP shared resource design, which share AD between customers, they each got their own 365 tenant, but not AD, only OU, so AzureAD is not an option. We have our own Netscalers too, but I want to block certain users from using Citrix Cloud, and force them to use our Netscaler.

I think that's something you cannot achive with Gateway Service. You have to pass via a full version of Netscaler and handle the authentication via Session Policy.

To bad, yeah we have AD + AzureAD MFA with our Netscaler, but not all customers have AADConnect, might have to look in to getting the Netscaler do use the built in Netscaler MFA for the non AADConnect users. Thanks mate

Gateway Service is a basic functionality and has less features compared to a full Netscaler😉

Yea, and you don't have to patch it too

Yeah, the patching thing is good, just wish it had more features 🙂