cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

damianmark
Copper Contributor

‎Jul 03 2020 08:16 PM

‎Jul 03 2020 08:16 PM

SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

Trying to get some understanding on what's considered as normal behavior for SSO on Office365 Apps on RDS/Citrix VDA (Shared Enviro)

 

Enviro:

Azure AD connect - Password Hash Sync - SSO Enabled

 

I thought with SSO enabled it would allow seamless integration so that when a user logs onto a computer, they are automatically signed into Office365.  However this does not seem to be the case, users are occasionally prompted to Sign In for Activation.  Is this normal behavior with SSO Enabled?

 

I've also followed instructions for shared computer activation configuration.

https://docs.microsoft.com/pl-pl/deployoffice/overview-shared-computer-activation

But in that article is suggest using SSO.  I've enabled SSO via this instructions:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

 

Does anyone have any suggestions? Curious whether Pass-Thru Authentication should be used rather than Password Hash Sync; however, both can enable SSO.

 

 

 

26.6K Views
0 Likes
4 Replies
Reply
4 Replies
Mustafa Abul-Ela

‎Feb 18 2021 02:50 AM

‎Feb 18 2021 02:50 AM

Re: SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

@damianmark I have the same question, have you got the chance to get an answer anywhere?

0 Likes
Reply
rniesen

‎Feb 23 2021 02:23 AM

‎Feb 23 2021 02:23 AM

Re: SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

Hello,

 

I've the same settup and saw the same problem.

I used the article https://support.citrix.com/article/CTX263465 but it doesn't solve my problem.

 

First of all I disabled MFA in azure ad for this tenant.  I think it's contradicorial to have SSO but enforce to use MFA.  Keep in mind, my customers are very samll ocmpanys and don't have azure ad premium or E3 E5.

Because this limitation, we cannot use trused ip to disable MFA only for the XenApp servers.

 

This is my problem:

When using seamless mode, Office 365 always asked to login and activation isn't stored.

The workaround is to login in a full screen and activate, but after a while, 30 days token, the login screen reappaer.

 

I create a support ticket at Citix (Citrix - 80222815) and they tolled me to add an adiditional regsitry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
  • Name = DisableAADWAM
  • Type = REG_DWORD
  • Value = 1

So SSO was working already (you an test this by https://myapps.microsoft.com/yourdomain).

After this change Office 365 was able to activate and token is update at %localappdata%\microsoft\office\16.0\licensing

 

Beacuse I don't understand the change in the registry (what I'm doing exactly) I created a case with Microsoft (Case 23508770).

I got 9 engineers in a periode of 2 months but nobody understands seamless mode.  The most of them where thinking I'm using office web apps because they where confused by login in with netsclaer/storefront.

After 2 months Microsoft concluded that this was a Citrix only problem and that the 2 registry keys (article + additional) may not been modified because this will disable mondern authentication.

 

Therefor I replied today to the solution of Citrix that there solotuin isn't supported by Microsoft.

I also asked that Citrix will taken this problem to Microsoft because they have an great relationship.

 

Today I use the Citrix solution that isn't supported.

 

With 30 days I will know if it is still working.

(when I remove the idnetity key in the registery and remove the tokens, it seem to work).

 

Kr,

 

Roel Niesen

 

 

 

 

 

 

 

 
 
 
1 Like
Reply
Guillaume75

‎Feb 22 2022 02:18 AM

‎Feb 22 2022 02:18 AM

Re: SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

Hey,

do you have any news from MS or Citrix on this pb?

I have exactly the same problem, for a client...

SSO does not work in published application, but works fine in published desktop.

and we don't want to disable modern auth

thanks ! for return

0 Likes
Reply
DavidMillen84

‎Feb 16 2023 08:50 PM

‎Feb 16 2023 08:50 PM

Re: SSO in Office 365 ProPlus on Citrix VDA/RDS - Sign in Prompt

Hi,

Have you got any word back from Citrix or Microsoft?
0 Likes
Reply