Hi everyone, I’m working with an on-prem customer who’s evaluating Citrix Cloud and wants to achieve the following: • Internal users (on company network): seamless SSO to Citrix Workspace • External users: always authenticate Since Citrix Gateway Service treats all users as external, we can’t distinguish between internal/external at that level. The customer is using Entra ID as authentication method. Would implementing Conditional Access policies help achieve this?

Sure, you could use trusted locations in your conditional access policies. You might take a look at adaptive authentication: https://docs.citrix.com/en-us/adaptive-authentication.html

Ah nice thx. I'll have a look what is possible with adaptive auth. 🙂