Hi @Kevin Kelly • Thank you for reaching out.
To connect Citrix Cloud to Azure using SAML 2.0 and require MFA, the minimum license required is Azure AD Free.
With the Azure AD Free edition, end users who have been assigned access to the software as a service (SaaS) apps can get single sign-on access to an unlimited number of cloud apps. Azure AD Premium P1 and Premium P2 are needed only when you want to integrate on-premises apps via Azure AD Application Proxy or secure hybrid partnerships integrations.
In the Azure AD Free edition, you can enable MFA for all users using security defaults. As this is a free feature, you don't get the option to select a specific set of users or specific apps to trigger MFA for. If you want such granular control, you can use Conditional Access policies, which require at least Azure AD Premium P1.
Ref. Azure Active Directory pricing
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.