Users are Prompted to Accept the "Permissions requested" when Logging in to Citrix cloud
Article ID: CTX665875
Updated On:
Description
Users are Prompted to Accept the "Permissions requested" when logging in to https://citrix.cloud.com.
Resolution
The customer only gave consent to the Application ID: f9c0e999-22e7-409f-bb5e-956986abdf02 used as the Default connection between Azure AD and Citrix Cloud, BUT not to Application ID: e95c4605-aeab-48d9-9c36-1a262ef8048e which is used for the Workspace subscriber login.
Granting tenant-wide admin consent for both "Default connection between Azure AD and Citrix Cloud" (Application ID: f9c0e999-22e7-409f-bb5e-956986abdf02) and "Workspace subscriber login" (Application ID: e95c4605-aeab-48d9-9c36-1a262ef8048e) allowed end users to connect without being prompted to accept permissions.
Problem Cause
When Azure AD is used with the Citrix Cloud, one or more Enterprise Applications might be created in the target Azure AD tenant.
All of these applications require tenant-wide admin consent to be granted by a Global Administrator or Privileged Role Administrator with permissions for granting consent for apps.
Issue/Introduction
Users are Prompted to Accept the "Permissions requested" when logging in to https://citrix.cloud.com.
Additional Information
More Information: Information on Granting tenant-wide admin consent to an application: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal
Note: When viewing Enterprise Applications under Azure, the Application Name will be "Citrix Cloud", followed by an object ID, and an Application ID. Details of the function and required permissions of each Application ID can be found here: https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-management/identity-access-management/azure-ad-permissions.html#enterprise-applications
