When launching a virtual desktop in Citrix Cloud Workspace, user credential input is prompted by the VDA Windows OS. End user has to manually input the user credential to complete Windows sign-in, rather than a single sign-on experience.

End users sign-in Citrix Cloud Workspace using Azure Active Directory (AAD) as an identity provider, while the virtual desktops is on-prem AD domain joined. In such use case, it is an excepted behavior that Windows OS of the virtual desktop prompted user credential input. 

To achieve single sign-on to virtual desktop in such use case, it is recommended to deploy Citrix FAS according to https://docs.citrix.com/en-us/federated-authentication-service/current-release/install-configure.

The article describes a failure of single sign-on Citrix DaaS virtual desktop due to the environmental configurations.