Skip to main content

Workspace Service

Overview

Atria Workspace allows Service Providers to abstract the management of user desktops, applications, access and resources through an easy to understand interface. We recommend that you follow these guides in the given order to ensure that you understand the structure of Workspace and how it needs to be configured.

The Atria Workspace Service supercedes

  • the Hosted Apps and Desktops service, and
  • the original widely used Citrix Service.

In many cases, Workspace can also be used to simplify and replace Custom Services modules.

Workspace simplifies the operational management of any system utilizing group based access control, making it easy for you to manage your end-customers, and for your customers to safely self-manage their users.

Provisioning Users with Applications, resources and security access is a primary function of any IT team. Workspace serves as a central point when setting up a user within an organization, while hiding the complexity of back-end systems.

New users can be quickly onboarded using the Workspace service, granting them instant access to resources across both Microsoft 365 and Active Directory.

Workspace features:

  1. Adding a user into a group in Entra ID (Also known as Azure AD, or Microsoft 365).
  2. Adding users into local Active Directory Security Groups.
  3. Setting Terminal Server & Remote Desktop Services (RDP) properties against users.
  4. Setup and apply standardised roles within customers - ensuring users get the right access for their role.
  5. Bulk add and change user access.
  6. Add custom automations to simplify setup or removal of applications to/from customers and users.

Workspace Benefits

  • Allows you to map all access controls across all systems into a single comprehensible view.
  • Complex group names and configurations can be displayed in terms that are meaningful to non-technical users.
  • Perform central updates without needing to log in to multiple systems.
  • Improve compliance, by centrally tracking access changes.
  • Enable helpdesk staff to manage user access easily, quickly and without needing admin rights.
  • Allow customers to create universal roles that make it easy for internal staff to ensure the right access is granted.
  • Track billing of virtually anything assigned to customers or users.
  • Add custom automation on assignment or removal of access to a user.
  • Bring categorisation and structure to the systems you use.

Hybrid Cloud

Workspace supports both on-premises based Active Directory in multi-tenant and single tenant configurations, as well as Microsoft Entra ID (formerly Azure AD).

Workspace Concepts

Workspace is managed by a few core functions, Lists, Items, ItemTypes, and roles:

  • Lists are the method of providing the Items to clients.
  • ItemTypes define the type of item (e.g. Distribution Group, Microsoft 365 Group).
  • Items are individual resources.
  • Roles are another way to aggregate items together for delivery to clients and resellers.

Below is more information about each of the core functions.

Items and Item Types

Workspace Item

A resource that can be assigned to customers and users within the system, controlling access rights.

  • These items are classified by their Workspace Item Type and have various properties, including visibility (public or private), name, description and icon.

img

Further info: Workspace Items

Workspace Item Type

Serves as a template that defines a configuration for creating and classifying Workspace Items.

Workspace Item Types standardize how resources are managed and accessed within the system, each Workspace Item is created as instances of their associated Item Type.

A set of example Workspace Item Types are provided from installation, but you can also create your own definitions to map to the services you are delivering.

Further info: Workspace Item Types

Lists

Workspace Lists are used to provide pre-defined lists of Workspace Items, that can be centrally maintained and configured.

Workspace lists are useful when distributing via a channel, resellers or partners. Workspace Lists allow you to create focused lists of items for individual resellers or types of resellers.

Configuration for Workspace items can be overridden within a list - allowing flexibility for resellers.

Further info: Managing Workspace Lists

Roles

Workspace Roles are private to a customer. A role allows a set of Workspace Items to be assigned as a group to a user in one go. Once a role has been set up, any changes to the role are automatically applied to every user who has the role.

A small uptime investment in configuring Workspace Roles for a customer will reap long term rewards in simplifying provisioning and ongoing maintenance.

Workspace Roles make self-service simple:

  • Setup of new users is rapid.
  • Mistakes are reduced.
  • Security is improved as users get the appropriate access for their roles.

Further info: Workspace Roles

Workspace Automation

Workspace ItemTypes have defined events. Workspace items inherit these events and any automations attached to them.

The events available are:

  • customer.provision
  • customer.deprovision
  • user.assign
  • user.unassign

You can attach Powershell script execution to these events. Workspace Items are associated with an IDP. For Entra ID, the central provisioning engine will execute the script in the context of the Entra tenant. For Active Directory, the script will be executed in the Active Directory where the user resides.

Further info: Workspace Automation

Workspace Q&A

Q: What are the largest changes compared to Citrix / Hosted Apps and Desktops service?

The older Atria "Citrix" service and "Hosted Apps and Desktops" service have some dependency on Citrix software, either by name or functionality. Workspace still works well with Citrix, but it can also manage other applications, services, or systems you are delivering to your customer base.

Workspace is designed to work with any group based system for management, enabling service providers to manage access and features across a wider range of technologies from one place.

Workspace Item Types allow you to group and define processes for the systems you use, so you can cater for different systems and behaviours across your customer base.

Entra ID (Azure AD) and Active Directory (multi-tenant and private tenant) are now supported, allowing you to manage access across systems.

New Workspace Roles, allow customers to create their own roles combining Entra ID and Active Directory based applications and resources.

Improved automation, allows scripts to be defined and executed on assignment of resources to customers or users.