Within the Citrix webaccess it’s basically not possible to grant access to only one specific group. We can go around this most of the time by using tokens, but there’s also another way of managing.
Through some minor adjustments at the ‘source’ of citrix it can be made possible. Luckily there’s an addon so we don’t have to do everything manually.
Check this site for the addon: