We have some applications that are accessed through Citrix. These applications have their own internal entitlements, which we have created a request form to manage. Access to the Citrix application is managed through an Active Directory group. My goal is to make the request form function by automatically adding a user to to the Citrix AD group whenever the request access to the application. Similarly, I would like to automatically remove the Citrix AD group whenever all internal application entitlements have been removed from a user.