Script update for Microsoft Azure named locations with dynamic IP addresses


Recently, I demonstrated how Citrix Cloud Network Locations can be updated for dynamic IP addresses. The Citrix HDX traffic and "SmartAccess" policies have been updated, but what about Microsoft MFA login to Citrix Cloud or Single Sign-On? Single Sign-On for Citrix Cloud works from the internal network as long as the specified location for Conditional Access in Microsoft Entra is correct. Here, too, the IP address can change frequently with dynamic IPs and must be updated accordingly. Here is another script-based solution that I use myself.

Signing in via Microsoft MFA and/or single sign-on with an Entra ID is being used more and more frequently. This can also be used to log in to Citrix Cloud, as long as the specified location has the current external IP address configured. To automate this again, I use the following PowerShell script:

 

# Determine the current external IP address
$CurrentPubIP = (Invoke-WebRequest ifconfig.me/ip).Content.Trim()

# Service principal sign-in: fill in the client secret, tenant ID and application ID
$SecurePassword = ConvertTo-SecureString -String "" -AsPlainText -Force
$TenantId = ''
$ApplicationId = ''
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword
Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential | Out-Null

# Connect to Microsoft Graph with permission to change Conditional Access named locations
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -NoWelcome | Out-Null

# New definition of the trusted named location: exactly the current IP as a /32
$body = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName = "Internal"
    isTrusted = $true
    ipRanges = @(
        @{
            "@odata.type" = "#microsoft.graph.iPv4CidrRange"
            cidrAddress = "$CurrentPubIP/32"
        }
    )
}

# Fill in the ID of the named location to overwrite
Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId '' -BodyParameter $body
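Because the script writes whatever the lookup service returns into a location marked as trusted, it is worth validating that value before the update. The following is an added example, not part of the original script: it requires two HTTPS echo services to agree, rejects anything that is not a canonical public IPv4 address, and only writes when the range actually changes. The second service (api.ipify.org), the function names, the `<named-location-id>` placeholder and the `AdditionalProperties` shape of the returned object are assumptions.

```powershell
# Added example, not the author's script. Assumes Connect-MgGraph has already run.
function Test-PublicIPv4 {
    param([string]$Text)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    # TryParse also accepts shorthand such as "1" or "0x7f.1"; require canonical dotted-quad
    if ($ip.ToString() -ne $Text) { return $false }
    $b = $ip.GetAddressBytes()
    if ($b[0] -in @(0, 10, 127) -or $b[0] -ge 224) { return $false }           # this-net, private, loopback, multicast/reserved
    if ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) { return $false }  # CGNAT 100.64.0.0/10
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return $false }                    # link-local
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $false }   # private
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $false }                    # private
    return $true
}

function Get-ConsensusPublicIPv4 {
    param([string[]]$Uri)
    # Ask every service over HTTPS; all must return the same valid address
    $answers = foreach ($u in $Uri) { ([string](Invoke-RestMethod -Uri $u -TimeoutSec 10)).Trim() }
    $unique = @($answers | Sort-Object -Unique)
    if ($unique.Count -ne 1) { throw "IP sources disagree: $($unique -join ', ')" }
    if (-not (Test-PublicIPv4 $unique[0])) { throw "Not a public IPv4 address: '$($unique[0])'" }
    return $unique[0]
}

$NamedLocationId = '<named-location-id>'   # placeholder: ID of the "Internal" named location
# Assumption: api.ipify.org as a second, independent echo service (not from the original post)
$cidr = (Get-ConsensusPublicIPv4 -Uri 'https://ifconfig.me/ip', 'https://api.ipify.org') + '/32'

# Assumption: the SDK exposes ipRanges of the existing location through AdditionalProperties
$current  = Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId $NamedLocationId
$existing = @(foreach ($r in $current.AdditionalProperties.ipRanges) { $r.cidrAddress })

if ($existing.Count -eq 1 -and $existing[0] -eq $cidr) {
    Write-Output "Named location already set to $cidr, no change"
} else {
    $body = @{
        '@odata.type' = '#microsoft.graph.ipNamedLocation'
        displayName   = 'Internal'
        isTrusted     = $true
        ipRanges      = @(@{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $cidr })
    }
    Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId $NamedLocationId -BodyParameter $body
    Write-Output "Named location changed from [$($existing -join ', ')] to $cidr"
}
```

If the host has IPv6 connectivity, one service may answer with an IPv6 address; the check then stops with an error instead of writing a mismatched range. The "changed from ... to ..." line gives a local record to compare against the Entra audit log.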
 
 
