Citrix MICROAPPS & G SUITE Configuration

Posted by

Citrix is about to take the next step of shaping the Future of Work. As we come towards the end of 2019 the release of Citrix Workspace Intelligence is imminent. This includes the new Microapp service where we can distill a single unit of work and allow users to interact with this unit of work, streamlining the user experience and increasing the users productivity. The Microapp will include a large number of templates from leading SaaS vendors such as Salesforce, ServiceNow & Google at launch.

I have been getting up to speed with the Microapp Service and wanted to share my configuration. In the below example, I add Google G Suite as a Microapp Integration allowing me to quickly create and view calendar events directly from my workspace. So let us take a look at what is needed to achieve this:

Before we begin, the following prerequisites should be observed:

  • We need both a Citrix Cloud account With Microapps Service and Google G Suite account (I am using a trial G suite account).
  • If your internal server hosting Workspace is behind a firewall, you must allow access to host name www.google.com with port 443, so Workspace can connect.
  • We should configure Citrix Gateway to support single sign-on for G Suite so that once users log in they are automatically logged in again without having to enter their credentials a second time. Follow the instructions in  G Suite Single Sign-on Configuration.

First We need a G Suite account.

We need a dedicated Google User account which is used to synchronize calendar data with Workspace. This account must have Admin API privilege Users/Read or a standard Admin role which includes this privilege.

In our admin.google.com portal, navigate to the user section and create a new user.

Once our new user is added, we need to select our Admin Roles Section and assign an appropriate role.

We now need to assign the Admin API Privilege to the chosen role. We find this under Admin API privilege. The privilege to be assigned is the Users – Read permission.

In this example I selected the Super Admin role but I advise in production scenarios to apply Least Privilege Principals. To assign to our admin user, select Assign Admin and enter our newly created user.

Create a GCP Project

Next we are gonna switch over to Google Cloud Platform as we need to enable APIs for the required services.

Log in to https://console.developers.google.com with an administrator account(we can use the account we just created) and select Create to create a new project. You can also update an existing project.

Enable G Suite delegation and create Service Account Key

Now that we have our project created we need to enable the API’s that we require for the integration which will then allow us to create the credentials which the Microapps service will use. The API’s needed are ADMIN SDK and Google Calendar API.

Next we want to create a service account within the newly created project. Select the hamburger menu – IAM & admin – Service accounts & create service account.

Add a role

In the next screen it asks to add a role to this new user. We need to add the owner role to the user:

Within GCP developer portal, we have the opportunity to create a JSON private Key. This generates a JSON file that we can save for later use.

Enable and manage API access

We switch back now to our admin.google.com. From the main portal, we select the SECURITY option. Under the advanced options we select “Manage API Client Access”

Here we add in the client ID and API Scopes URL’s. We can find the client ID inside the JSON file we generated before. The URL’s can be found in the Citrix documentation and below:

https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly

https://www.googleapis.com/auth/admin.directory.user.readonly

https://www.googleapis.com/auth/calendar

Add callback URLs to Google API Console

We need to grant access to private data and provide a link to terms of service and privacy policy.

Go to https://console.developers.google.com/apis/credentials/consent?project=s4s-calendar&authuser=0&duration=P1D

Navigate to Oauth Consent screen – Under Authorized domains, add your domain and Save.

For the final piece of the configuration on Google, navigate to credential section, select to “Create Credentials”, select Oauth Client ID:

 

Citrix MicroApp Configuration

We are finally ready to start configuring our microapp integration on Citrix Cloud. Go to your Citrix Cloud Admin portal and Select the Microapp Service:

Select the G Suite Calendar Microapp.

We then fill in the required details. We add the Json Private Key, add our admin user that we created and select USER Consent (3Lo). We then find our Client ID and Secret and add these also and save. See below:

This then adds the 7 Gsuite Templates… now you have Citrix Intelligent Workspace with Gsuite Integration.

I am really excited for the endless possibilities introduced by Citrix Intelligent Workspace and Citrix Microapps Service. These built in SaaS service templates are just the tip of the iceberg in terms of possibilities. I hope the above helps give an insight into the template configurations. Happy configuration!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.