Recently I showed how Citrix Cloud Network Locations can be updated for dynamic IP addresses. That keeps the Citrix HDX traffic and "SmartAccess" policies correct, but what about the Microsoft MFA logon to Citrix Cloud or single sign-on? Single sign-on to Citrix Cloud works from the internal network as long as the named location used for conditional access in Microsoft Entra is correct. Here too, the IP address can change repeatedly with dynamic IPs and must then be adjusted. So here again is a script-based solution that I use myself.
Signing in via Microsoft MFA and/or single sign-on with an Entra ID account is used more and more often. This also works for logging in to Citrix Cloud, as long as the named location is configured with the current external IP address. To automate this as well, I use the following PowerShell script:
# Determine the current public IPv4 address of this network
$CurrentPubIP = (Invoke-WebRequest ifconfig.me/ip).Content.Trim()

# Service principal credentials (client secret is stored in clear text here; restrict access to this file accordingly)
$SecurePassword = ConvertTo-SecureString -String "<SecPWD>" -AsPlainText -Force
$TenantId = '<TenantId>'
$ApplicationId = '<AppID>'
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword

# Sign in to Azure with the service principal
Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential | Out-Null

# Sign in to Microsoft Graph with the permission needed to modify named locations
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -NoWelcome | Out-Null

# Build the IP named location object with the current public IP as a single /32 range
$body = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Internal"
    isTrusted     = $true
    ipRanges      = @(
        @{
            "@odata.type" = "#microsoft.graph.iPv4CidrRange"
            cidrAddress   = "$CurrentPubIP/32"
        }
    )
}

# Replace the ranges of the existing named location (replace <nlID> with the id of the location to update)
Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId '<nlID>' -BodyParameter $body
https://github.com/Koetzing/Powershell-Scripts/blob/main/update-azure-ipnl.ps1
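Because the named location above is marked as trusted, a wrong value written into it weakens conditional access. The following variant, an added example that is not the original script, validates the fetched address as IPv4, cross-checks it against a second public-IP service, and only calls the update when the stored range actually differs. It assumes an existing Graph session with Policy.ReadWrite.ConditionalAccess, the Microsoft.Graph.Identity.SignIns module, and that the SDK exposes ipRanges of an ipNamedLocation through AdditionalProperties; the second IP source is an assumption as well.

```powershell
# Added example (not the original script): update the trusted named location only when
# the public IP has really changed, after validating the value fetched from the web.
param(
    [Parameter(Mandatory)][string]$NamedLocationId,   # placeholder: id of your named location
    [string]$DisplayName = 'Internal'
)

function Get-ValidatedPublicIPv4 {
    # Query two independent services and require them to agree, so a single wrong
    # or tampered response cannot end up as a trusted location.
    $sources = @('https://ifconfig.me/ip', 'https://api.ipify.org')   # second source: assumption
    $results = foreach ($url in $sources) {
        (Invoke-WebRequest -Uri $url -UseBasicParsing).Content.Trim()
    }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($results[0], [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Response '$($results[0])' is not a valid IPv4 address"
    }
    if ($results[0] -ne $results[1]) {
        throw "Public IP sources disagree: $($results -join ', ')"
    }
    return $results[0]
}

$currentIp = Get-ValidatedPublicIPv4
$location  = Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId $NamedLocationId
# ipRanges of an ipNamedLocation are read from AdditionalProperties (assumption about the SDK object shape)
$existing  = @($location.AdditionalProperties['ipRanges'] | ForEach-Object { $_['cidrAddress'] })

if ($existing -contains "$currentIp/32") {
    Write-Output "Named location '$DisplayName' already contains $currentIp/32, nothing to do."
    return
}

# Log old and new ranges so the change is traceable in the job output
Write-Output "Updating '$DisplayName': $($existing -join ', ') -> $currentIp/32"
$body = @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = $DisplayName
    isTrusted     = $true
    ipRanges      = @(@{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = "$currentIp/32" })
}
Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId $NamedLocationId -BodyParameter $body
```

Run it from the same scheduled task as the original script; on unchanged days it makes no write to Entra, and on a failed validation it exits with an error instead of replacing the range.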