Citrix Workspace app for iOS
Citrix Product Documentation | docs.citrix.com July 13, 2020
Citrix Workspace app for iOS
About this release
June 23, 2020
What’s new in 20.6.0
External monitor and toolbar support feature preview
Starting with this release, you can use the Citrix X1 Mouse to operate the toolbar on an external moni-
tor. You can now move the toolbar notch horizontally, while the toolbar is closed. When you connect
your iOS device to the external monitor, Citrix Workspace app automatically detects the screen res-
olution of the external monitor. You can use the Display button on the toolbar to select a particular
screen resolution. You can access the Display option without having to add an account or sign in first.
What’s new in 20.5.0
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.4.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.4.0
Note:
Starting in June 2020, Citrix Workspace app discontinues supporting iOS operating system ver-
sion 11.x. As an alternative, upgrade your iOS operating system to version 12 or later.
Citrix X1 Mouse pairing and connection status
This feature lets you have more control over the Citrix X1 Mouse pairing process. On the Settings
screen, you can:
• Pair the Citrix X1 Mouse. You can also pair an X1 Mouse when you are in a session.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 3
Citrix Workspace app for iOS
• View the connection status.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 4
Citrix Workspace app for iOS
© 1999-2020 Citrix Systems, Inc. All rights reserved. 5
Citrix Workspace app for iOS
• View the Citrix X1 Mouse properties such as Name, UUID, Firmware Revision, and Battery
Level. To do so, tap the Citrix X1 Mouse entry under CONNECTED MOUSE.
Connected mouse proprties:
AssistiveTouch
With the AssistiveTouch feature enabled on iOS 13 or later, you can see the AssistiveTouch cursor if you
switch between desktop mouse mode and AssistiveTouch mode.
Note:
In desktop mouse mode, the pointer cursor appears; in AssistiveTouch mode, the round cursor
appears.
The AssistiveTouch cursor appears when you:
• Leave a session
• Go to the iOS App Switcher screen
© 1999-2020 Citrix Systems, Inc. All rights reserved. 6
Citrix Workspace app for iOS
• Go to the iOS home screen or another app
Desktop mode resumes when you navigate back to Citrix Workspace app and when you are in a ses-
sion.
What’s new in 20.3.0
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.2.2
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.2.0
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.1.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 20.1.0
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1912.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1911
Workspace with intelligence
This version of Citrix Workspace app for iOS is optimized to take advantage of the upcoming intelli-
gent features when they are released. For more information, see Workspace Intelligence Features -
Microapps.
What’s new in 1910.5
This release addresses a number of issues that help to improve overall performance and stability.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 7
Citrix Workspace app for iOS
What’s new in 1910
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1909.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1909
iOS 13 and iPadOS support
Citrix Workspace app for iOS is supported on iOS 13 and iPadOS, including multitasking support on
iPadOS.
Important:
• The CR01 app is not supported on iOS 13. If you are using the CR01 app, Citrix recommends
that you do not upgrade to iOS 13.
• If you use the SHA-1 certificate chain, you might need to switch to the SHA-2 certificate
chain. SHA-1 signed certificates are no longer trusted on iOS 13. For more information on
TLS server certificates, see Requirements for trusted certificates in iOS 13 and macOS 10.15.
• In iOS 13, launching sessions from the Safari web browser has changed. For more informa-
tion, see the help documentation.
With support for AssistiveTouch, Citrix Workspace app for iOS now connects to the Citrix X1 Mouse
dierently. Citrix Workspace app no longer connects to the Citrix X1 Mouse at launch. Therefore, the
Citrix X1 Mouse icon is no longer available on the toolbar next to the Settings icon. To see if access to
a paired Citrix X1 Mouse is enabled for Citrix Workspace app, navigate to Settings > Citrix X1 Mouse.
What’s new in 1908
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1907.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1907
This release addresses a number of issues that help to improve overall performance and stability.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 8
Citrix Workspace app for iOS
What’s new in 1906
Session roaming on iPad
Session roaming is also now available on iPad devices. For more information, see the help documen-
tation for iOS devices.
Keyboard layout synchronization
Keyboard layout synchronization enables users to switch preferred keyboard layouts on the client
device. This feature is disabled by default.
To enable keyboard layout synchronization, go to Settings > Keyboard Options and enable the Key-
board Layout Sync option.
Note:
Using the local keyboard layout option activates the client IME (Input Method Editor). If you are
working in Japanese, Chinese, or Korean language and prefer to use the server IME, disable the
local keyboard layout option by clearing the option in Preferences > Keyboard.
What’s new in 1905.5
Support for session roaming
Session roaming is now available on iPhone and iPod touch devices when using a cloud store. For
more information, see the help documentation for iOS devices.
What’s new in 1905
Enhancement to workspace hub
Citrix Workspace app integrates a new procedure for adding or removing a workspace hub from the
trusted list on iOS devices. For more information, see Security Connection.
Host to client redirection
Content redirection allows you to control whether users access information by using applications pub-
lished on servers or applications running locally on user devices.
Host to client redirection is one type of content redirection. It is supported only on Server OS VDAs
(not Desktop OS VDAs).
When host to client redirection is enabled, URLs are intercepted at the server VDA and sent to the user
device. The web browser or multimedia player on the user device opens these URLs.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 9
Citrix Workspace app for iOS
If you enable host to client redirection and the user device fails to connect to a URL, the URL is redi-
rected back to the server VDA.
When host to client redirection is disabled, users open the URLs with web browsers or multimedia
players on the server VDA.
When host to client redirection is enabled, users cannot disable it.
Host to client redirection was previously known as server to client redirection.
For more information, see General content redirection.
What’s new in 1904.5
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1904.2
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1904
Enhancements
• You can view the list of recently used SaaS or Web apps under the Recent tab for apps and desk-
tops.
• Citrix Ready workspace hub supports a Secure Sockets Layer (SSL) connection between mo-
bile devices and the hub for security purposes. You need to set a Fully Qualified Domain Name
(FQDN) either manually or automatically to uniquely identify each device. For more informa-
tion, see Security connection in the Citrix Ready workspace hub documentation.
What’s new in 1903
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1902
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1901
This release addresses a number of issues that help to improve overall performance and stability.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 10
Citrix Workspace app for iOS
What’s new in 1812
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1811
This release addresses a number of issues that help to improve overall performance and stability.
What’s new in 1810.2
This release addresses a number of issues that help to improve overall performance and stability.
Note:
For more information on configuring Citrix Ready workspace hub internal beacons, see Knowl-
edge Center article CTX218708.
What’s new in 1810.1
Support for Citrix Ready workspace hub
The Citrix Ready workspace hub combines digital and physical environments to deliver apps and data
within a secure smart space. The complete system connects devices (or things), like mobile apps and
sensors, to create an intelligent and responsive environment.
Citrix Ready workspace hub is built on the Raspberry Pi 3 platform. The device running Citrix
Workspace app connects to the Citrix Ready workspace hub and casts the apps or desktops on a
larger display.
For more information about Citrix Readyworkspace hub in Citrix Workspace app for iOS, see Configure
Citrix Ready workspace hub.
For more information about Citrix Ready workspace hub, see Citrix Ready workspace hub documen-
tation.
What’s new in 1810
Support for Purebred derived credentials
This release introduces support for Purebred derived credentials within Citrix Workspace app for iOS.
When connecting to a Store that allows derived credentials, users can log on to Citrix Workspace app
for iOS using a virtual smart card. This feature is supported only on on-premises deployments.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 11
Citrix Workspace app for iOS
Note:
Citrix Virtual Apps and Desktops 7 1808 or later is required to use this feature.
For information on configuring derived credentials, see Derived credentials.
What’s new in 1809
iOS 12 support
Citrix Workspace app for iOS fully supports iOS 12.
What’s new in 1808
Updated end user help
The end user help located within the app has been completely rewritten and updated to reflect all the
changes to Citrix Workspace app for iOS.
Fixed issues
Fixed issues in 20.6.0
• Previously, when you added a Web Store account, Citrix Workspace app for iOS ignored certifi-
cate errors. Starting with this release, an appropriate error message appears when you add a
Web Store or a Web interface account with an invalid certificate. [RFIOS-5403]
Fixed issues in earlier releases
Fixed issues in 20.5.0
• Launching applications inside Citrix Workspace app fails with the following error:
“CAMAuthManErrorNoSuitableLogonProtocol”
The issue occurs due to an incorrect API. [RFIOS-5530]
Fixed issures in 20.4.5
• On a non-English language keyboard, when you enter the credentials on the Sign in page, the
contents of the Password field appear in English. [CVADHELP-14068]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 12
Citrix Workspace app for iOS
Fixed issues in 20.4.0
• The action assigned to a double-tap gesture might not work as expected. The issue occurs when
an extra tap from Citrix Workspaceapp performs a dierentaction. The double-tap action works
properly when you are using the Citrix X1 Mouse or an on-screen mouse. [RFIOS-4814]
• The on-screen keyboard appears at every tap even aer undocking it. [RFIOS-5267]
• When you sign out of a cloud account using Settings > Store > Sign Out, the sign-out process
might not work as expected. The issue occurs intermittently on iPhones. [RFIOS-5197]
• Aer changing a DNS, launching a session might fail with a connection error. This issue occurs
because of a stale IP resolution in the cache. [RFIOS-5358]
Fixed issues in 20.3.0
• In a cloud setup, when you open the Citrix Workspace app, the app badge count is not cleared.
[RFIOS-5194]
Fixed issues in 20.2.2
• Single Sign-on does not work with Citrix Files. [RFIOS-5564]
Fixed issues in 20.2.0
• If you tap the Back button in your Citrix Gateway session, you might be signed out and taken
back to the sign-in page. The issue occurs when you access the Citrix Workspace app through
Web Interface (WI). [RFIOS-5059]
• Modifications applied to a delivery group might not synchronize with the Store. As a result, the
list of apps is not refreshed. [RFIOS-5103]
• The Citrix X1 Mouse pointer might disappear unexpectedly. The issue occurs if you leave Citrix
Workspace app with a session running or with the mouse settings screen open and then switch
back to Citrix Workspace app. [RFIOS-5349]
Fixed issues in 20.1.5
• Attempts to import a so token when you click on an .sdtid file might fail. The issue occurs on
iOS 13.3 and iPadOS 13.3. [RFIOS-5236]
• Citrix Workspace app exits unexpectedly aer January 1, 2020 when using the camera in a pub-
lished session. The issue does not occur when you manually set the date to 2019. [RFIOS-5208]
• In a cloud setup, you might observe an incorrect badge count. [RFIOS-5195]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 13
Citrix Workspace app for iOS
Fixed issues in 20.1.0
• Attempts to launch a published desktop using a cloud-hosted VDA might fail. The issue occurs
when the VDA starts from a powered o state. [RFIOS-5027]
• Attempts to add accounts using email-based account discovery might fail with the following
error message:
“Cannot Add Account. Workspace cannot find the server for this domain. If you received a URL
from your IT, you can enter that instead of your email.”
The issue occurs when you upgrade from Version 1910.5 to 1911. [RFIOS-5052]
Fixed issues in 1912.5
• Citrix Workspace app might fail to reconnect to a Citrix X1 Mouse. The issue can occur when you
unlock an iOS device aer it is idle for a period of time. [RFIOS-4864]
Fixed issues in 1911
• Attempts to add an account might fail when you connect to your workspace with a direct con-
nection to the Storefront server. [LD2549]
• Attempts to open so token (.sdtid) and configuration (.cr) files might fail aer you upgrade to
iOS 13. As a result, you cannot import Citrix Workspace app configurations from either file type.
[RFIOS-4788]
• If you launch a VDA session, the session remains active on the extended monitor aer you lock
the device. [LD2016]
• Attempts to open the content links might fail if you connect to your workspace through Citrix
Gateway. [LD1378]
Fixed issues in 1910.5
• Attempts to start a favorite app from the Favorite Apps list might fail. [LD1007]
• Attempts to add an account might fail when you use Active Directory and authenticate to Azure
through Active Directory Federation Services (ADFS). [RFIOS-4679]
Fixed issues in 1910
• Attempts to launch Citrix Workspace app for iOS might fail and the following error message ap-
pears: operation hdxsdk error domain session error 8. [LD0651]
• When you enable keyboard shortcuts in iOS keyboard settings, the client IME of the Japanese,
Chinese, and Korean languages might not work as expected. [LD2329]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 14
Citrix Workspace app for iOS
Fixed issues in 1909.5
• In Version 1909, the client drive mapping (CDM) feature might not work. [RFIOS-4655]
Fixed issues in 1909
• When you use the mouse pointer to double-click an app or a file, the app or the file opens twice.
[LD1160]
• Citrix Workspace app for iOS Versions 1904 and 1905 sometimes exit unexpectedly. [RFIOS-4301]
• This release addresses connectivity and discovery issues with the Citrix X1 Mouse. [RFIOS-4529]
Fixed issues in 1908
• When the Citrix Workspace app moves from the background to the foreground, the following
error message appears: “Reconnected to server”. [RFIOS-4510]
• When the Citrix Workspace app moves from the background to the foreground, any window that
is open using the published desktop moves on the screen and the screen resolution appears
odd. This issue occurs when you use the Citrix Workspace app version 1904.2 or later. [RFIOS-
4401]
• Aer you configure Face ID authentication on the device, the following issue might occur: When
you refresh the list of apps and desktops, the Citrix Workspace app might exit unexpectedly.
[LD1633]
• Aer you disconnect or reconnect a session, the Citrix X1 Mouse might fail to be rediscovered.
Also, occasionally, drag-and-drop mouse actions are unsuccessful. [RFIOS-4487]
Fixed issues in 1907.5
• When your Active Directory (AD) password expires, the Sign in page does not alert you about it.
[LD1849]
Fixed issues in 1907
• On an iPad, when two resources have the same display name and one of them is already in a
session, launching the other resource might fail. [LD1467]
• When an active user session times out, the session might fail to relaunch and the following error
message appears:
“The address given did not provide a valid app list. Please check the address, gateway settings,
and your network connection.”
The issue occurs due to incorrect communication between the Citrix Workspace app and the
Citrix Gateway.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 15
Citrix Workspace app for iOS
• On a smart keyboard, when you press the Shi key and scroll using the Citrix X1 mouse, the
vertical scroll is unsuccessful. [LD1284]
Fixed issues in 1906
• If you try to launch an app or desktop locally, while roaming the same app or desktop from a
cloud store to a workspace hub, your roaming session ends. [WH-2128]
• The search bar on the iPad is truncated when switched to the Landscape mode. [RFIOS-2310]
• When you rotate the device to Landscape mode, the Settings menu might display abnormally.
This issue occurs when you minimize the Citrix Workspace app screen while in multi-task mode.
[RFIOS-3066]
Fixed issues in 1905.5
• Aer you sign on to StoreFront using the Safari web browser, the virtual desktop or application
might fail to open. [RFIOS-4178]
Fixed issues in 1905
This release also addresses a number of issues that help to improve overall performance and stability.
Fixed issues in 1904.5
• When you log on to Citrix Workspace app for the first time, your login might fail and the following
error message appears:
“Cannot Connect to Server. Try again.”
[RFIOS-3588]
• Unable to get the current latitude and longitude report details. [RFIOS-3668]
• Deleting client certificates from Account Settings might cause Workspace app to exit unexpect-
edly. [RFIOS-4212]
Fixed issues in 1904.2
• When you tap the “arrow” icon on the custom toolbar, the custom arrow keys are invisible.
[RFIOS-4233]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 16
Citrix Workspace app for iOS
Fixed issues in 1904
• You can add PNAgent accounts seamlessly. [RFIOS-3342]
• You can view the WiFi SSID on certain connection related error messages. With the help of the
WiFi SSID, you can ensure that you are on the same network as the Citrix Ready workspace hub
you are trying to connect to. [WH-1903]
• When the active directory (AD) password has expired, resetting your AD password from Citrix
Workspace app fails with an error. [RFIOS-3241]
• In sessions running on a Japanese language VDA, pressing the Option (Alt) + Return keys allows
you to input a new line in a cell in Microso Excel while retaining the IME mode. [RFIOS-4046]
• When you reconnect a device and the VDA, the display becomes unresponsive for 10 to 20 sec-
onds aer the device recovers from sleep mode. [RFIOS-4146]
• With Google two-factor authentication, logging on to Citrix Workspace app from an iOS device
fails and the following error message appears:
Incorrect user name, password or passcode
[RFIOS-4064]
Fixed issues in 1903
• When using Version 1810 of Citrix Workspace app on an iPhone X, the keyboard symbol disap-
pears when the client device is in landscape view. [LD0619]
• When using Version 1812 of Citrix Workspaceapp on a non-English system, the Add new account
field label appears in English. [LD1066]
• The Citrix X1 Mouse becomes unresponsive when the client device is idle for a long time.
[LD0842]
• The Citrix Workspace app splash screen dialog is suppressed in version 1903 and later. [RFIOS-
3509]
Fixed issues in 1902
• When Enlightened Data Transport (EDT) protocol is used, the display becomes unresponsive for
10 to 20 seconds aer the device recovers from sleep mode. [LD0854]
• When you enter username and password for authentication, the keyboard layout switches to a
dierent language when using the password field. [LD0588]
Fixed issues in 1901
• When an external Apple Bluetooth keyboard is connected and you press Shi + 0 to type the “)”
symbol, the session is disconnected. [RFIOS-3658]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 17
Citrix Workspace app for iOS
Fixed issues in 1812
• The text on the screen appears to be spaced incorrectly if the screen resolution is set to “Auto-fit
Low” with a resolution of 1024x1366. [LC9808]
• When Citrix Gateway is pointing to the Web Interface, Stores might not enumerate correctly and
you might have issues when adding the Store account. [RFIOS-3342]
• When you attempt to remove mandatory apps from the Favorite Apps list, Citrix Workspace app
does not display an alert message. [RFIOS-1556]
• When the virtual keyboard appears, the X1 mouse coordinates can oset to display an incorrect
selection. [RFIOS-3418]
• When you sign in to a PNAgent account, the page does not display a screen asking you to en-
ter your domain credentials. This issue occurs if you missed entering the domain credentials
initially. [RFIOS-2944]
• Aer upgrading to Citrix Workspace app for iOS 1809, when you launch a published app, a Cer-
tificate not trusted error message appears. [RFIOS-3368]
Fixed issues in 1811
• Digital signatures might not get captured correctly. To fix the issue, add the HandleDoubleTa-
pLocally=no parameter into the default.ica file to disable the behavior.
To modify the default.ica file on the StoreFront or on the Web Interface server, see Knowledge
Center article CTX116357 for detailed steps. [LD0629]
Fixed issues in 1810.2
This release addresses a number of issues that help to improve overall performance and stability.
Fixed issues in 1810.1
This release addresses a number of issues that help to improve overall performance and stability.
Fixed issues in 1810
This release addresses a number of issues that help to improve overall performance and stability.
Fixed issues in 1809
• Users might not be able to log on to the Store when upgrading from Citrix Receiver to Citrix
Workspace app. [RFIOS-3233]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 18
Citrix Workspace app for iOS
Fixed issues in 1808
This release addresses a number of issues that help to improve overall performance and stability.
Known issues
Known issues in 20.6.0
No new known issues have been observed in this release.
Known issues in earlier releases
Known issues in 20.5.0
No new known issues have been observed in this release.
Known issues in 20.4.5
No new known issues have been observed in this release.
Known issues in 20.4.0
No new known issues have been observed in this release.
Known issues in 20.3.0
No new known issues have been observed in this release.
Known issues in 20.2.2
No new known issues have been observed in this release.
Known issues in 20.2.0
• When you sign out of a cloud account using Settings > Store > Sign Out, the sign-out process
might not work as expected. The issue occurs intermittently on iPhones. As a workaround,
relaunch Citrix Workspace app. [RFIOS-5197]
• When you edit and save the Store settings and then abandon the edits by canceling authenti-
cation, the Workspace account might get removed from the app. The issue occurs in a cloud
setup. [RFIOS-5433]
• In a cloud setup, when you edit and save the account settings, Citrix Workspace app might in-
termittently become unresponsive. As a workaround, relaunch Citrix Workspace app. [RFIOS-
5379]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 19
Citrix Workspace app for iOS
Known issues in 20.1.5
• In a cloud setup, when you open the Citrix Workspace app, the app badge count is not cleared.
[RFIOS-5194]
• When you sign out of a cloud account using Settings > Store > Sign Out, the sign-out process
might not work as expected. The issue occurs intermittently on iPhones. As a workaround,
relaunch Citrix Workspace app. [RFIOS-5197]
Known issues in 20.1.0
• In a cloud setup, you might observe an incorrect badge count. [RFIOS-5194]
• In iOS 13.3 devices, you might observe an incorrect badge count. [RFIOS-5204]
• The “Try the Demo” option is unavailable. [RFIOS-4902]
Known issues in 1912.5
No new known issues have been observed in this release.
Known issues in 1911
No new known issues have been observed in this release.
Known issues in 1910.5
No new known issues have been observed in this release.
Known issues in 1910
• An empty area might appear below the virtual keyboard in a session. [LC9314]
Known issues in 1909.5
• In Version 1904 and later, you might not be able to enter the credentials on the Sign in page.
This issue occurs when you use the Face ID to authenticate.
As a workaround, navigate to Settings > Password & Accounts and then disable AutoFill Pass-
words. The issue has been observed on iPhone devices that use iOS 12. [RFIOS-4652]
• When you enable keyboard shortcuts in iOS keyboard settings, the client IME of the Japanese,
Chinese, and Korean languages might not work as expected. As a workaround, in iOS, go to
Settings > General > Keyboard > Shortcuts and disable the option. [LD2329]
© 1999-2020 Citrix Systems, Inc. All rights reserved. 20
Citrix Workspace app for iOS
Known issues in 1909
• On iOS 13 devices which are using Japanese, Chinese or Korean language keyboards, the
Command-C and Command-V keyboard shortcuts are unsuccessful. [RFIOS-4620]
Known issues in 1908
No new issues have been observed in this release.
Known issues in 1907.5
No new issues have been observed in this release.
Known issues in 1907
No new issues have been observed in this release.
Known issues in 1906
No new issues have been observed in this release.
Known issues in 1905.5
• If you try to launch an app or desktop locally while roaming the same app or desktop from a
cloud store to a workspace hub, your roaming session ends. [WH-2128].
Known issues in 1905
No new issues have been observed in this release.
Known issues in 1904.5
No new issues have been observed in this release.
Known issues in 1904.2
No new issues have been observed in this release.
Known issues in 1904
No new issues have been observed in this release.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 21
Citrix Workspace app for iOS
Known issues in 1903
• Aer you sign on to StoreFront using the Safari web browser, the virtual desktop or application
might fail to open. [RFIOS-4178]
Known issues in 1902
No new issues have been observed in this release.
Known issues in 1901
No new issues have been observed in this release.
Known issues in 1812
No new issues have been observed in this release.
Known issues in 1811
• Finger taps might not register correctly when using the Auto-fit High setting on an iPad Pro
12.9”. As a workaround, change the Display Options in Citrix Workspace app to another setting.
[RFIOS-1766]
Known issues in 1810.2
• Finger taps might not register correctly when using the Auto-fit High setting on an iPad Pro
12.9”. As a workaround, change the Display Options in Citrix Workspace app to another setting.
[RFIOS-1766]
• When switching networks, sessions might not reconnect or relaunch. As a workaround, close
and relaunch Citrix Workspace app. [RFIOS-3246]
• Sessions might not launch, displaying HdxSdkErrorDomain_Session error 8. As a workaround,
close and relaunch Citrix Workspace app. [RFIOS-3374]
Known issues in 1810.1
No new issues have been observed in this release.
Known issues in 1810
No new issues have been observed in this release.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 22
Citrix Workspace app for iOS
Known issues in 1809
No new issues have been observed in this release.
Known issues in 1808
• When using a smart card on an iPhone, launching an app aer logging o displays a constant
loading status. As a workaround, relaunch the app. [RFIOS-2550]
• When using a smart card, session sign out might not work correctly aer upgrading to Citrix
Workspace app for iOS. As a workaround, relaunch the app. [RFIOS-3076]
Limitations
• Attempts to launch an app by tapping the ICA file in the download manager fail when using the
Safari web browser. To ensure successful app launches from Safari, make sure the latest version
of Citrix Workspace app or Citrix Receiver for iOS (but not both) is present on the device. [RFIOS-
5502]
• Citrix Workspace app for iOS does not yet fully support any generic mouse or trackpad in Citrix
Virtual Apps and Desktops sessions.
Feature preview
Feature previews are available for customers to use in their non-production or limited production
environments, and to give them an opportunity to share feedback. Citrix does not accept support
cases for feature previews but welcomes feedback for improving them. Citrix may or may not act on
feedback based on its severity, criticality, and importance.
Copied!
Failed!
Prerequisites for installing
June 19, 2020
System requirements and compatibility
Device requirements
• Citrix Workspace app version 1808 or later for iOS supports iOS 12.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 23
Citrix Workspace app for iOS
• Citrix Workspace app version 1909 or later for iOS supports iOS 13 and iPadOS.
• This soware update has been validated on the following devices:
– iPhone 7x models, iPhone 8x models, and only iPhone X model.
– All iPad models (including iPad Pro) except for iPad 1 and iPad 2 which are not supported.
• External display support
– iPhone - as supported by iOS.
– iPad - as supported by iOS (does not use the whole screen).
Server requirements
Ensure you install all the latest hotfixes for your servers.
• For connections to virtual desktops and apps, Citrix Workspace app for iOS supports Citrix Store-
Front and Web Interface.
StoreFront:
– StoreFront 3.6 or later (recommended). Citrix Workspace app for iOS has been validated
with the latest version of StoreFront; previous supported versions include StoreFront 2.6
or later.
Provides direct access to StoreFront stores. Citrix Workspace app for iOS also supports
prior versions of StoreFront.
Note:
With XenApp and XenDesktop 7.8, Citrix introduced support for the Framehawk vir-
tual channel and 3D Pro. This functionality was extended to Citrix Workspace app for
iOS.
– StoreFront configured with a Workspace for Web site
Provides access toStoreFront stores from a Safari web browser. Users must manually open
the ICA file using the browser. For the limitations of this deployment, see the StoreFront
documentation.
Web Interface:
– Web Interface 5.4 with Web Interface sites
– Web Interface 5.4 with XenApp Services sites
– Web Interface on Citrix Gateway (browser-based access only using Safari)
You must enable the rewrite policies provided by Citrix Gateway.
• Citrix Virtual Apps and Desktops, XenApp, and XenDesktop (any of the following products):
– Citrix Virtual Apps and Desktops 7 1808 or later
© 1999-2020 Citrix Systems, Inc. All rights reserved. 24
Citrix Workspace app for iOS
– Citrix XenDesktop 7.x or later
– Citrix XenApp 7.5 or later
– Citrix XenApp 6.5 for Windows Server 2008 R2
Connections, certificates, and authentication
For connections to StoreFront, Citrix Workspace app for iOS supports the following authentication
methods:
Workspace
for Web using
browsers
StoreFront
Services site
(native)
StoreFront
XenApp
Services site
(native)
Citrix
Gateway to
Workspace
for Web
(browser)
Citrix
Gateway to
StoreFront
Services site
(native)
Anonymous Yes Yes
Domain Yes Yes Yes Yes* Yes*
Domain
pass-through
Yes Yes Yes
Security
token
Yes* Yes*
Two-factor
authentica-
tion (domain
with security
token)
Yes* Yes*
SMS Yes* No
Smart card Yes Yes* Yes*
User
certificate
Yes (Citrix
Gateway
plug-in)
Yes (Citrix
Gateway
plug-in)
*Available only for Workspace for Web sites and for deployments that include Citrix Gateway, with or
without installing the associated plug-in on the device.
For connections to the Web Interface 5.4, Citrix Workspace app for iOS supports the following authen-
tication methods:
© 1999-2020 Citrix Systems, Inc. All rights reserved. 25
Citrix Workspace app for iOS
Note:
Web Interface uses the term Explicit to represent domain and security token authentication.
Web Interface
(browsers)
Web Interface
XenApp Services
site
Citrix Gateway to
Web Interface
(browser)
Citrix Gateway to
Web Interface
XenApp Services
site
Anonymous Yes
Domain Yes Yes Yes*
Domain
pass-through
Yes
Security token Yes*
Two-factor
authentication
(domain with
security token)
Yes*
SMS Yes*
Smart card
User certificate Yes (Require
Citrix Gateway
plug-in)
Certificates
Private (self-signed) certificates
When a private certificate is installed on the remote gateway, the root certificate for the organization’s
certificate authority must be installed on the device to successfully access Citrix resources using Citrix
Workspace app for iOS.
Note:
If the remote gateway’s certificate cannot be verified upon connection (because the root certifi-
cate is not included in the local keystore), an untrusted certificate warning appears. If a user
chooses to continue through the warning, a list of applications is displayed; however, applica-
tions fail to start.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 26
Citrix Workspace app for iOS
Manually installed certificate
In iOS 10.3 and later, a certificate included in a profile that you install manually is not automatically
trusted for SSL. To trust manually installed certificate profiles in iOS:
1. Make sure you have installed the certificate profile on the device.
2. Go to Settings > General > About > Certificate Trust Settings.
Each root that has been installed through a profile appears under Enable Full Trust For Root
Certificates.
3. You can toggle trust on or o for each root.
Import root certificates on iPad and iPhone devices
Obtain the root certificate of the certificate issuer and email it to an email account configured on your
device. When clicking the attachment, you are asked to import the root certificate.
Wildcard certificates
Wildcard certificates are used in place of individual server certificates for any server within the same
domain. Citrix Workspace app for iOS supports wildcard certificates.
Intermediate certificates and Citrix Gateway
When your certificate chain includes an intermediate certificate, the intermediate certificate must be
appended to the Citrix Gateway (or Access Gateway) server certificate. Also, for Access Gateway instal-
lations, see Knowledge Center article CTX114146 that matches your edition.
RSA SecurID authentication is supported for Secure Gateway configurations (through the Web Inter-
face only) and all supported Access Gateway configurations.
Citrix Workspace app for iOS supports all authentication methods supported by Access Gateway.
Joint Server Certificate Validation Policy
Releases of Citrix Workspace app for iOS have a stricter validation policy for server certificates.
Important
Before installing Citrix Workspace app for iOS, confirm that the certificates at the server or gate-
way are correctly configured as described here. Connections may fail if:
• the server or gateway configuration includes a wrong root certificate
• the server or gateway configuration does not include all intermediate certificates
• the server or gateway configuration includes an expired or otherwise invalid intermediate
© 1999-2020 Citrix Systems, Inc. All rights reserved. 27
Citrix Workspace app for iOS
certificate
• the server or gateway configuration includes a cross-signed intermediate certificate
When validating a server certificate, Citrix Workspace app for iOS now uses all the certificates sup-
plied by the server (or gateway) when validating the server certificate. As in previous releases, Citrix
Workspace app for iOS then also checks that the certificates are trusted. If the certificates are not all
trusted, the connection fails.
This policy is stricter than the certificate policy in web browsers. Many web browsers include a large
set of root certificates that they trust.
The server (or gateway) must be configured with the correct set of certificates. An incorrect set of
certificates might cause Citrix Workspace app for iOS connections to fail.
Suppose a gateway is configured with these valid certificates. This configuration is recommended
for customers who require stricter validation, by determining exactly which root certificate is used by
Citrix Workspace app for iOS:
• “Example Server Certificate”
• “Example Intermediate Certificate”
• “Example Root Certificate”
Then, Citrix Workspace app for iOS will check that all these certificates are valid. Citrix Workspace app
for iOS will also check that it already trusts “Example Root Certificate”. If Citrix Workspace app for iOS
does not trust “Example Root Certificate”, the connection fails.
Important
Some certificate authorities have more than one root certificate. If you require this stricter valida-
tion, make sure that your configuration uses the appropriate root certificate. For example, there
are currently two certificates (“DigiCert”/”GTE CyberTrust Global Root”, and “DigiCert Baltimore
Root”/”Baltimore CyberTrust Root”) that can validate the same server certificates. On some user
devices, both root certificates are available. On other devices, only one is available (“DigiCert Bal-
timore Root”/”Baltimore CyberTrust Root”). If you configure “GTE CyberTrust Global Root” at the
gateway, Citrix Workspace app for iOS connections on those user devices will fail. Consult the cer-
tificate authority’s documentation to determine which root certificate should be used. Also note
that root certificates eventually expire, as do all certificates.
Then, Citrix Workspace app for iOS will use these two certificates. It will then search for a root certifi-
cate on the user device. If it finds one that validates correctly, and is also trusted (such as “Example
Root Certificate”), the connection succeeds. Otherwise, the connection fails. Note that this configu-
ration supplies the intermediate certificate that Citrix Workspace app for iOS needs, but also allows
Citrix Workspace app for iOS to choose any valid, trusted, root certificate.
Now suppose a gateway is configured with these certificates:
• “Example Server Certificate”
© 1999-2020 Citrix Systems, Inc. All rights reserved. 28
Citrix Workspace app for iOS
• “Example Intermediate Certificate”
• “Wrong Root Certificate”
A web browser may ignore the wrong root certificate. However, Citrix Workspace app for iOS will not
ignore the wrong root certificate, and the connection will fail.
Some certificate authorities use more than one intermediate certificate. In this case, the gateway is
normally configured with all the intermediate certificates (but not the root certificate) such as:
• “Example Server Certificate”
• “Example Intermediate Certificate 1”
• “Example Intermediate Certificate 2”
Important
Some certificateauthoritiesuse a cross-signed intermediate certificate. This is intended forsitua-
tions there is more than one root certificate, and a earlier root certificate is still in use at the same
time as a later root certificate. In this case, there will be at least two intermediate certificates. For
example, the earlier root certificate “Class 3 Public Primary Certification Authority” has the cor-
responding cross-signed intermediate certificate “VeriSign Class 3 Public Primary Certification
Authority - G5”. However, a corresponding later root certificate “VeriSign Class 3 Public Primary
Certification Authority - G5” is also available, which replaces “Class 3 Public Primary Certification
Authority”. The later root certificate does not use a cross-signed intermediate certificate.
Note
The cross-signed intermediate certificate and the root certificate have the same Subject name
(Issued To), but the cross-signed intermediate certificate has a dierent Issuer name (Issued By).
This distinguishes the cross-signed intermediate certificate from an ordinary intermediate cer-
tificate (such “Example Intermediate Certificate 2”).
This configuration, omitting the root certificate and the cross-signed intermediate certificate, is nor-
mally recommended:
• “Example Server Certificate”
• “Example Intermediate Certificate”
Avoid configuring the gateway to use the cross-signed intermediate certificate, as Citrix Workspace
app for iOS will select the earlier root certificate:
• “Example Server Certificate”
• “Example Intermediate Certificate”
• “Example Cross-signed Intermediate Certificate” [not recommended]
It is not recommended to configure the gateway with only the server certificate:
• “Example Server Certificate”
© 1999-2020 Citrix Systems, Inc. All rights reserved. 29
Citrix Workspace app for iOS
In this case, if Citrix Workspace app for iOS cannot locate all the intermediate certificates, the connec-
tion will fail.
Copied!
Failed!
Get started
June 19, 2020
Setup
Citrix Workspace app for iOS supports the configuration of Web Interface for your Citrix Virtual Apps
deployment. There are two types of Web Interface sites: XenApp Services sites and Citrix Virtual Apps
and Desktops Sites. Web Interface sites enable client devices to connect to the server farm. Authen-
tication between Citrix Workspace app for iOS and a Web Interface site can be handled using various
solutions, including Citrix Secure Web Gateway.
Also, you can configure StoreFront to provide authentication and resource delivery services for Cit-
rix Workspace app for iOS, enabling you to create centralized enterprise stores to deliver desktops,
applications, and other resources to users.
For more information about configuring connections, including videos, blogs, and a support forum,
see http://community.citrix.com.
Before your users access applications hosted in your Citrix Virtual Apps and Desktops deployment,
configure the following components in your deployment as described here.
• When publishing applications on your farms or sites, consider the following options to enhance
the experience for users accessing those applications through StoreFront stores.
– Ensure that you include meaningful descriptions for published applications because these
descriptions are visible to users in Citrix Workspace app for iOS.
– You can emphasize published applications for your mobile device users by listing the ap-
plications in the Featured list of Citrix Workspace app for iOS. To populate this list on Citrix
Workspace app for iOS, edit the properties of applications published on your servers and
append the KEYWORDS:Featured string to the value of the Application description field.
– To enable the screen-to-fit mode that adjusts the application to the screen size of mobile
devices, edit the properties of applications published on your servers and append the KEY-
WORDS:mobile string to value of the Application description field. This keyword also acti-
vates the auto-scroll feature for the application.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 30
Citrix Workspace app for iOS
– To automatically subscribe all users of a store to an application, append the KEY-
WORDS:Auto string to the description you provide when you publish the application
in Citrix Virtual Apps. When users log on to the store, the application is automatically
provisioned without users needing to manually subscribe to the application.
• If the Web Interface of your Citrix Virtual Apps and Desktops deployment does not have a Web
site or Citrix Virtual Apps and Desktops Site, create one. The name of the site and how you create
it depends on the version of Web Interface you have installed. For instructions on how to create
one of these sites, see the “Creating Sites” topic for your version of Web Interface.
Manual setup
In general, when Citrix Workspace app for iOS connects to Citrix Gateway, Citrix Workspace app for iOS
attempts to locate a XenApp Services site or Citrix Virtual Apps Web site aer authenticating. If no site
is detected, Citrix Workspace app for iOS displays an error. To avoid this situation, you can configure
an account manually so Citrix Workspace app for iOS can connect to Citrix Gateway.
1. Tap the Accounts icon in the upper right corner and then in the Accounts screen, tap the Plus
Sign (+). The New Account screen appears.
2. In the lower le corner of the screen, tap the icon to the le of Options and tap Manual setup.
Additional fields appear on the screen.
3. In the Address field, type the secure URL of the site or Citrix Gateway to which you want to con-
nect (for example, agee.mycompany.com).
4. Select one of the following connection options. The remaining fields on the screen change,
depending on your selection.
• Web Interface - Select for Citrix Workspace app for iOS to display a Citrix Virtual Apps Web
site similar to a Web browser. This is also known as Web View.
• XenApp Services - Select for Citrix Workspace app for iOS to locate a specific XenApp Ser-
vices site for which authentication through Citrix Gateway is not configured. In the addi-
tional options that appear on this screen, provide site logon credentials.
– <StoreFront FQDN>: If there are multiple stores, a list will be presented and the user
can choose the store to add.
– <StoreFront FQDN>/citrix/<Store Name>: This will add the StoreFront store <Store
Name>.
– <StoreFront FQDN>/citrix/PnAgent/config.xml: This will add the default legacy PNA-
gent store.
– <StoreFront FQDN>/citrix/<Store Name>/PnAgent/config.xml: This will add the legacy
PNAgent store associated with <Store Name>.
• Citrix Gateway - Select for Citrix Workspace app for iOS to connect to a XenApp Services
site through a specific Citrix Gateway. In the additional options on this screen, select the
© 1999-2020 Citrix Systems, Inc. All rights reserved. 31
Citrix Workspace app for iOS
server edition and its logon credentials, including whether it requires a security token for
authentication.
5. For certificate security, use the setting in the Ignore certificate warnings field to determine
whether you want to connect to the server even if it has an invalid, self-signed, or expired
certificate. The default setting is OFF.
Important: If you do enable this option, make sure you are connecting to the correct server.
Citrix strongly recommends that all servers have a valid certificate to protect user devices
from online security attacks. A secure server uses an SSL certificate issued from a certificate
authority. Citrix does not support self-signed certificates and does not recommend by-passing
the certificate security.
6. Tap Save.
7. Type your user name and password (or token, if you selected two-factor authentication), and
then tap Log On. The Citrix Workspace app for iOS screen appears, in which you can access your
desktops and add and open your apps.
StoreFront
Important:
• When using StoreFront, Citrix Workspace app for iOS supports Citrix Access Gateway Enter-
prise Edition versions from 9.3, and Citrix Gateway versions through 12.
• Citrix Workspace app for iOS supports only XenApp Services sites on Web Interface.
• Citrix Workspace app for iOS supports launching sessions from Workspace for Web, as long
as the web browser works with Workspace for Web. If launches do not occur, configure your
account through Citrix Workspace app for iOS directly. Users must manually open the ICA
file using the browser Open in Workspace function. For the limitations of this deployment,
see the StoreFront documentation.
With StoreFront, the stores you create consist of services that provide authentication and resource
delivery infrastructure for Citrix Workspace app for iOS. Create stores that enumerate and aggregate
desktops and applications from Citrix Virtual Apps and Desktops sites and Citrix Virtual Apps farms,
making these resources available to users.
1. Install and configure StoreFront. For details, see the StoreFront product documentation. For
administrators who need more control, Citrix provides a template you can use to create a down-
load site for Citrix Workspace app for iOS.
2. Configure stores for StoreFront as you would for other Citrix Virtual Apps and Desktops appli-
cations. No special configuration is needed for mobile devices. For details, see User Access
Options in the StoreFront section of Product Documentation. For mobile devices, use either of
these methods:
• Provisioning files. You can provide users with provisioning files (.cr) containing connection
details for their stores. Aer installation, users open the file on the device to configure
© 1999-2020 Citrix Systems, Inc. All rights reserved. 32
Citrix Workspace app for iOS
Citrix Workspaceapp for iOS automatically. By default, Workspace for Web sites oer users
a provisioning file for the single store for which the site is configured. Alternatively, you can
use the Citrix StoreFront management console to generate provisioning files for single or
multiple stores that you can manually distribute to your users.
• Manual configuration. You can directly inform users of the Citrix Gateway or store URLs
needed to access their desktops and applications. For connections through Citrix Gate-
way, users also need to know the product edition and required authentication method. Af-
ter installation, users type these details into Citrix Workspace app for iOS, which attempts
to verify the connection and, if successful, prompts users to log on.
• Automatic configuration. Tap Add Account on the Welcome screen and type the URL of
the StoreFront server in the address field. The configuration of the account happens auto-
matically while the account is added.
To configure Citrix Gateway
If you have users who connect from outside the internal network (for example, users who connect
from the internet of from remote locations), configure authentication through Citrix Gateway.
• When using StoreFront, Citrix Workspace app for iOS supports Citrix Access Gateway Enterprise
Edition versions from 9.3, and Citrix Gateway versions through 12.
Web Interface
To configure the Web Interface site, users with iPhone and iPad devices can launch applications
through your Web Interface site and the built-in Safari browser on the mobile device. Configure the
Web Interface site the same as you would for other Citrix Virtual Apps applications. If no XenApp
Services site is configured for the mobile device, Citrix Workspace app for iOS automatically uses
your Web Interface site. No special configuration is needed for mobile devices.
Web Interface 5.x is supported by the built-in Safari browser.
To launch applications on the iOS device
On the mobile device, users can log on to the Web Interface site using their normal logon and pass-
word.
Automatic provision for mobile devices
In StoreFront, use the Export Multi-Store Provisioning File and Export Provisioning File tasks to gener-
ate files containing connection details for stores, including any Citrix Gateway deployments and bea-
© 1999-2020 Citrix Systems, Inc. All rights reserved. 33
Citrix Workspace app for iOS
cons configured for the stores. Make these files available to users to enable them to configure Citrix
Workspace app for iOS automatically with details of the stores. Users can also obtain Citrix Workspace
app for iOS provisioning files from Workspace for Web sites.
Important:
In multiple server deployments, use only one server at a time to make changes to the configura-
tion of the server group. Ensure that the Citrix StoreFront management console is not running
on any of the other servers in the deployment. Once complete, propagate your configuration
changes to the server group so that the other servers in the deployment are updated.
1. On the Windows Start screen or Apps screen, locate and click the Citrix StoreFront tile. Select
the Stores node in the le pane of the Citrix StoreFront management console.
2. To generate a provisioning file containing details for multiple stores, in the Actions pane, click
Export Multi-Store Provisioning File and select the stores to include in the file.
3. Click Export and Save the provisioning file with a .cr extension to a suitable location on your
network.
User access information
You must provide users with the Citrix Workspace app for iOS account information they need to access
their hosted their applications, desktops, and data. You can provide this information by:
• Configuring email-based account discovery
• Providing users with a provisioning file
• Providing users with account information to enter manually
Configure email-based account discovery
You can configure Citrix Workspace app for iOS to use email-based account discovery. When config-
ured, users enter their email address rather than a server URL during initial Citrix Workspace app for
iOS installation and configuration. Citrix Workspace app for iOS determines the Access Gateway or
StoreFront server, or AppController virtual appliance associated with the email address based on Do-
main Name System (DNS) Service (SRV) records and then prompts the user to log on to access their
hosted applications, desktops, and data.
Note:
Email-based account discovery is not supported if Citrix Workspace app for iOS is connecting to
a Web Interface deployment.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 34
Citrix Workspace app for iOS
Provide users with a provisioning file
You can use StoreFront to create provisioning files containing connection details for accounts. You
make these files available to your users to enable them to configure Citrix Workspace app for iOS
automatically. Aer installing Citrix Workspace app for iOS, users simply open the .cr file on the device
to configure Citrix Workspace app for iOS. If you configure Workspace for Web sites, users can also
obtain Citrix Workspace app for iOS provisioning files from those sites.
For more information, see the StoreFront documentation.
Provide users with account information to enter manually
If providing users with account details to enter manually, ensure you distribute the following informa-
tion to enable them to connect to their hosted and desktops successfully:
• The StoreFront URL or XenApp Services site hosting resources; for example: servername.
company.com.
• For access using Citrix Gateway, provide the Citrix Gateway address and required authentication
method.
When a user enters the details for a new account, Citrix Workspace app for iOS attempts to verify the
connection. If successful, Citrix Workspace app for iOS prompts the user to log on to the account.
Copied!
Failed!
Configuration
June 19, 2020
Save passwords
Using the Citrix Web Interface Management console, you can configure the authentication method to
allow users to save their passwords. When you configure the user account, the encrypted password
is saved until the first time the user connects. Consider the following:
• If you enable password saving, Citrix Workspace app for iOS stores the password on the device
for future logons and does not prompt for passwords when users connect to applications.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 35
Citrix Workspace app for iOS
Note:
The password is stored only if users enter a password when creating an account. If no
password is entered for the account, no password is saved, regardless of the server setting.
• If you disable password saving (default setting), Citrix Workspace app for iOS prompts users to
enter passwords every time they connect.
Note:
For StoreFront direct connections, password saving is not available.
To override password saving
If you configure the server to save passwords, users who prefer to require passwords at logon can
override password saving:
• When creating the account, leave the password field blank.
• When editing an account, delete the password and save the account.
Use the Save Password feature
Citrix Workspace app for iOS has a feature that streamlines the connection process by allowing you
to save your password, which eliminates the extra step of having to authenticate a session everytime
you open Citrix Workspace app for iOS.
Note:
The save password functionality currently works with the PNA protocol. It does not work with
StoreFront native mode; however, this functionality works when StoreFront enables PNA legacy
mode.
Configure StoreFront
To configure StoreFront to enable the save password functionality:
1. If you are configuring an existing Store, go to step 3.
2. To configure a new StoreFront deployment, follow the best practices described in Install, setup,
and uninstall Citrix StoreFront.
3. Open the Citrix StoreFront management console. Ensure the base URL uses HTTPS and is the
same as the common name specified when generating your SSL certificate.
4. Select the Store you want to configure.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 36
Citrix Workspace app for iOS
5. Click Configure XenApp Service Support.
6. Enable XenApp Service support, select the Default store (optional), and Click OK.
7. Navigate to the template configuration file located at c:\inetpub\wwwroot\Citrix\<store
name>\Views\PnaConfig\.
8. Make a backup of Config.aspx.
9. Open the original Config.aspx file.
10. Edit the line <EnableSavePassword>false</EnableSavePassword> to change the false value to
true.
11. Save the edited Config.aspx file.
12. On the StoreFront server, run PowerShell with administrative rights.
13. In the PowerShell console:
a. cd “c:\Program Files\Citrix\Receiver StoreFront\Scripts”
b. Type “Set-ExecutionPolicy RemoteSigned”
c. Type “.\ImportModules.ps1”
d. Type“Set-DSServiceMonitorFeature –ServiceUrl” https://localhost:443/StorefrontMonitor
14. If you have a StoreFront group, run the same commands on all the members in the group.
Configure Citrix Gateway to save passwords
Note:
This configuration uses Citrix Gateway load balance servers.
To configure Citrix Gateway to support the save password functionality:
1. Log in to the Citrix Gateway management console.
2. Follow the Citrix best practices to create a certificate for your load balance virtual server(s).
3. On the configuration tab, navigate to Traic Management -> Load Balancing -> Servers and click
Add.
4. Enter the server name and IP address of the StoreFront server.
5. Click Create. If you have a StoreFront group, repeat step 5 for all the servers in the group.
6. On the configuration tab, navigate to Traic Management > Load Balancing > Monitor and
click Add.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 37
Citrix Workspace app for iOS
7. Enter a name for the monitor. Select STOREFRONT as the Type. At the bottom of the page,
select Secure (this is required since the StoreFront server is using HTTPS).
8. Click the Special Parameters Tab. Enter the StoreFront name configured earlier, and select the
Check Backed Services and click Create.
9. On the Configuration tab navigate to Traic Management > Load Balancing > Service Groups
and click Add.
10. Enter a name for your Service Group and set the protocol to SSL and click Ok.
11. On the right-hand of the screen under Advanced Settings, select Settings.
12. Enable Client IP and enter the following for the Header value: X-Forwarded-For and click OK.
13. On the right-hand of the screen under Advanced Settings, select Monitors. Click the arrow to
add new monitors.
14. Click the Add button and then select the Select Monitor drop down; a list of monitors (those
configured on Citrix Gateway) appears.
15. Click the radio button beside the monitor(s) you created earlier and click Select, then click Bind.
16. On the right-hand of the screen (under Advanced Settings), select Members. Click the arrow to
add new service group members.
17. Click the Add button and then select the Select Member drop down.
18. Select the Server Based radio button; a list of server members (those configured on Citrix Gate-
way) appears. Click the radio button beside the StoreFront server(s) you created earlier.
19. Enter 443 for the port number and specify a unique number for the Hash ID, then click Create,
then click Done. If everything has been configured properly, the Eective State should show a
green light, indicating that monitoring is functioning properly.
20. Navigate to TraicManagement -> Load Balancing -> Virtual Servers and click Add. Enteraname
for the server and select SSL as the protocol.
21. Enter the IP address for the StoreFront load-balanced server and click OK.
22. Select the Load Balancing Virtual Server Service Group binding, click the arrow then add the
Service Group created previously. Click OK twice.
23. Assign the SSL certificate created for the Load Balance virtual server. Select No Server Certifi-
cate.
24. Select the Load Balance server certificate from the list and click Bind.
25. Add the domain certificate to the Load Balance Server. Click No CA certificate.
26. Select the domain certificate and click Bind.
27. On the right side of the screen, select Persistence.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 38
Citrix Workspace app for iOS
28. Change the Persistence to SOURCEIP and set the time out to 20. Click Save, then click Done.
29. On your domain DNS server, add the load balance server (if not already created).
30. Launch Citrix Workspace app for iOS on your iOS device and enter the full XenApp URL.
Content Collaboration Service integration
Citrix Content Collaboration enables you to easily and securely exchangedocuments, send large docu-
ments by email, securely handle document transfers to thirdparties, and accessa collaboration space.
Citrix Content Collaboration provides many ways to work, including a web-based interface, mobile
clients, desktop apps, and integration with Microso Outlook and Gmail.
You can access Citrix Content Collaboration functionality from the Citrix Workspaceapp using the Files
tab displayed within Citrix Workspace app. You can view the Files tab only if Content Collaboration
Service is enabled in the Workspace configuration in the Citrix Cloud console.
Note:
Citrix Content Collaboration integration in Citrix Workspace app is not supported on Windows
Server 2012 and Windows Server 2016 due to a security option set in the operating system.
The following image displays example contents of the Files tab of the new Citrix Workspace app:
© 1999-2020 Citrix Systems, Inc. All rights reserved. 39
Citrix Workspace app for iOS
Limitations
• Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log o.
• Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log o.
Citrix Ready workspace hub
Citrix Ready workspace hub is enabled on Citrix Workspace app when all the following system require-
ments are met:
• Citrix Workspace app 1810.1 for iOS or later
• Bluetooth enabled
• Mobile device and workspace hub using the same Wi-Fi network
© 1999-2020 Citrix Systems, Inc. All rights reserved. 40
Citrix Workspace app for iOS
Configure
To turn on Citrix Ready workspace hub features, go to Settings and tap Citrix Casting to enable the
feature on your device. For more information, see the help documentation for the iOS devices.
Known limitation
• On VDA 7.18 and earlier, casting to a workspace hub requires the desktop or other resource you
are using to have the .h264 full-screen policy enabled and the legacy graphics policy to be dis-
abled.
Session sharing
When users log o from a Citrix Workspace app for iOS account, if there are still connections to appli-
cations or desktops, they have the option to disconnect or log o:
• Disconnect: Logs o from the account but leaves the Windows application or desktop running
on the server. The user can then start another device, launch Citrix Workspace app for iOS, and
reconnect to the last state before disconnecting from the iOS device. This option allows users
to reconnect from one device to another device and resume working in running applications.
• Log o: Logs o from the account, closes the Windows application, and logs o from the Citrix
Virtual Apps and Desktops server. This option allows users to disconnect from the server and
log o the account; when they launch Citrix Workspace app for iOS again, it opens in the default
state.
Copied!
Failed!
Authenticate
June 19, 2020
Client certificate authentication
Important:
• When using StoreFront, Citrix Workspace app for iOS supports:
– Citrix Access Gateway Enterprise Edition Version 9.3
– NetScaler Gateway Version 10.x through Version 11.0
© 1999-2020 Citrix Systems, Inc. All rights reserved. 41
Citrix Workspace app for iOS
– Citrix Gateway Version 11.1 and later.
• Client certificate authentication is supported by Citrix Workspace app for iOS.
• Only Access Gateway Enterprise Edition 9.x and 10.x (and subsequent releases) support
client certificate authentication.
• Double-source authentication types must be CERT and LDAP.
• Citrix Workspace app for iOS also supports optional client certificate authentication.
• Only P12 formatted certificates are supported.
Users logging on to a Citrix Gateway virtual server can also be authenticated based on the attributes
of the client certificate that is presented to the virtual server. Client certificate authentication can also
be used with another authentication type, LDAP, to provide double-source authentication.
To authenticate users based on the client-side certificate attributes, client authentication should be
enabled on the virtual server and the client certificate should be requested. You must bind a root
certificate to the virtual server on Citrix Gateway.
When users log on to the Citrix Gateway virtual server, aer authentication, the user name and do-
main information is extracted from the specified field of the certificate. This information must be in
the certificate’s SubjectAltName:OtherName:MicrosoUniversalPrincipalName field. It is in the
format “username@domain.”If the user name and domain are extracted successfully, and the user
provides the other required information (for example, a password), then the user is authenticated.
If the user does not provide a valid certificate and credentials, or if the username/domain extraction
fails, authentication fails.
You can authenticate users based on the client certificate by setting the default authentication type to
use the client certificate. You can also create a certificate action that defines what is to be done during
the authentication based on a client SSL certificate.
To configure the XenApp Services site
If you do not already have a XenApp Services site created, in the Citrix Virtual Apps console or Web
Interface console (depending on the version of Citrix Virtual Apps you have installed), create a XenApp
Services site for mobile devices.
Citrix Workspace app for iOS for mobile devices uses a XenApp Services site to get information about
the applications a user has rights to and presents them to the app running on the device. This is
similar to the way you use the Web Interface for traditional SSL-based Citrix Virtual Apps connections
for which a Citrix Gateway can be configured.
Configure the XenApp Services site for Citrix Workspace app for iOS for mobile devices to support
connections from a Citrix Gateway connection.
1. In the XenApp Services site, select Manage secure client access > Edit secure client access
settings.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 42
Citrix Workspace app for iOS
2. Change the Access Method to Gateway Direct.
3. Enter the FQDN of the Citrix Gateway appliance.
4. Enter the Secure Ticket Authority (STA) information.
To configure the Citrix Gateway appliance
For client certificate authentication, configure Citrix Gateway with two-factor authentication using
two authentication policies: Cert and LDAP.
1. Create a session policy on Citrix Gateway to allow incoming Citrix Virtual Apps connections from
Citrix Workspace app for iOS, and specify the location of your newly created XenApp Services
site.
• Create a session policy to identify that the connection is from Citrix Workspace app for iOS.
As you create the session policy, configure the following expression and choose Match All
Expressions as the operator for the expression:
REQ.HTTP.HEADER User-Agent CONTAINS CitrixWorkspace
• In the associated profile configuration for the session policy, on the Security tab, set De-
fault Authorization to Allow.
On the Published Applications tab, if this is not a global setting (you selected the Override
Global check box), ensure that the ICA Proxy field is set to ON.
In the Web Interface Address field, type the URL including the config.xml for the XenApp
Services site that the device users use, such as //XenAppServerName/Citrix/PNAgent/con-
fig.xml or /XenAppServerName/CustomPath/config.xml.
• Bind the session policy to a virtual server.
• Create authentication policies for Cert and LDAP.
• Bind the authentication policies to the virtual server.
• Configure the virtual server to request client certificates in the TLS handshake (on the Cer-
tificate tab, open SSL Parameters, and for Client Authentication, set Client Certificate to
Mandatory.
Important:
If the server certificate used on Citrix Gateway is part of a certificate chain (with an inter-
mediate certificate), ensure that the intermediate certificates are also installed correctly
on Citrix Gateway. For information about installing certificates, see Citrix Gateway docu-
mentation.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 43
Citrix Workspace app for iOS
To configure the mobile device
If client certificate authentication is enabled on Citrix Gateway, users are authenticated based on cer-
tain attributes of the client certificate. Aer authentication is completed successfully, the user name
and domain are extracted from the certificate and any policies specified for that user are applied.
1. From Citrix Workspace app for iOS, open the Account, and in the Server field, type the matching
FQDN of your Citrix Gateway server, such as GatewayClientCertificateServer.organization.com.
Citrix Workspace app for iOS automatically detects that the client certificate is required.
2. Users can either install a new certificate or choose one from the already installed certificate list.
For iOS client certificate authentication, the certificate must be downloaded and installed by
Citrix Workspace app for iOS only.
3. Aer selecting a valid certificate, the user name and domain fields on the logon screen is pre-
populated using the user name information from the certificate, and a user types the remaining
details, including the password.
4. If client certificate authentication is set to optional, users can skip the certificate selection by
pressing Back on the certificates page. In this case, Citrix Workspace app for iOS proceeds with
the connection and provides the user with the logon screen.
5. Aer users complete the initial log on, they can start applications without providing the cer-
tificate again. Citrix Workspace app for iOS stores the certificate for the account and uses it
automatically for future logon requests.
Smart cards
Citrix Workspace app for iOS provides support for SITHS smart cards for in-session connections only.
If you are using FIPS Citrix Gateway devices, configure your systems to deny SSL renegotiations. For
details, see Knowledge Center article CTX123680.
The following products and configurations are supported:
• Supported readers:
– Precise Biometrics Tactivo for iPad Mini Firmware version 3.8.0
– Precise Biometrics Tactivo for iPad (4th generation) and Tactivo for iPad (3rd generation)
and iPad 2 Firmware version 3.8.0
– BaiMobile® 301MP and 301MP-L Smart Card Readers
Supported VDA Smart Card Middleware
– ActiveIdentity
• Supported smartcards:
– PIV cards
– Common Access Card (CAC)
• Supported configurations:
© 1999-2020 Citrix Systems, Inc. All rights reserved. 44
Citrix Workspace app for iOS
– Smart card authentication to Citrix Gateway with StoreFront 2.x and XenDesktop 7.x or
later or XenApp 6.5 or later
To configure Citrix Workspace app for iOS to access apps
1. If you want to configure Citrix Workspace app for iOS to automatically access apps when
creating an account, in the Address field, type the matching URL of your store, such as
storefront.organization.com or netscalervserver.organization.com.
2. Select the Use Smartcard option when you are using a smart card to authenticate.
Note:
Logons to the store arevalid for about one hour. Aer that time, users must log on againto refresh
or launch other applications.
RSA SecurID authentication
RSA SecurID authentication for Citrix Workspace app for iOS is supported for Secure Web Gateway
configurations (through the Web Interface only) and all Citrix Gateway configurations.
URL scheme required for the soware token on Citrix Workspace app for iOS: The RSA SecurID
soware token used by Citrix Workspace app for iOS registers the URL scheme com.citrix.securid only.
If users have installed both the Citrix Workspace app for iOS app and the RSA SecurID app on their iOS
device, users must select the URL scheme “com.citrix.securid” to import the RSA SecurID Soware
Authenticator (soware token) to Citrix Workspace app for iOS on their devices.
To import an RSA SecurID so token
To use an RSA So Token with the Citrix Workspace app for iOS, have your users follow this procedure.
The policy for PIN length, type of PIN (numeric only, alphanumeric), and limits on PIN reuse are spec-
ified on the RSA administration server.
Your users should only need to do this once, aer they have successfully authenticated to the RSA
server. Aer your users verify their PINs, they are are also authenticated with the StoreFront server,
and it presents available, published applications and desktops.
To use an RSA so token
1. Import the RSA so token provided to you by your organization.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 45
Citrix Workspace app for iOS
2. From the email with your SecurID file attached, select Open in Workspace as the import desti-
nation. Aer the so token is imported, Citrix Workspace app for iOS opens automatically.
3. If your organization provided a password to complete the import, enter the password provided
to you by your organization and click OK. Aer clicking OK, you will see a message that the token
was successfully imported.
4. Close the import message, and in Citrix Workspace app for iOS, click the Add Account.
5. Enter the URL for the Store provided by your organization and click Next.
6. On the Log On screen, enter your credentials: user name, password, and domain. For the Pin
field, enter 0000, unless your organization has provided you with a dierent default PIN. (The
PIN 0000 is an RSA default, but your organization may have changed it to comply with their
security policies.)
7. At the top le, click Log On. Aer you click Log On, you are prompted to create a new PIN.
8. Enter a PIN from 4 to 8 digits and click OK.
9. You are then prompted to verify your new PIN. Re-enter your PIN and click OK. Aer clicking OK,
you will be able to access your apps and desktops.
Next Token Code
If you configure Citrix Gateway for RSA SecurID authentication, Citrix Workspace app for iOS supports
Next Token Code. With this feature enabled, if a user enters three (by default) incorrect passwords,
the Citrix Gateway plug-in prompts the user to wait until the next token is active before logging on.
The RSA server can be configured to disable a user’s account if a user logs on too many times with an
incorrect password.
Derived credentials
Support for Purebred derived credentials within Citrix Workspace app for iOS is available. When con-
necting to a Store that allows derived credentials, users can log on to Citrix Workspace app for iOS
using a virtual smart card. This feature is supported only on on-premises deployments.
Note:
Citrix Virtual Apps and Desktops 7 1808 or later is required to use this feature.
To enable derived credentials in Citrix Workspace app for iOS:
1. Go to Settings > Advanced > Derived Credentials.
2. Tap Use Derived Credentials.
Then, to create a virtual smart card to use with derived credentials:
© 1999-2020 Citrix Systems, Inc. All rights reserved. 46
Citrix Workspace app for iOS
1. In Settings > Advanced > Derived Credentials, tap Add New Virtual Smart Card.
2. Edit the name of the virtual smart card.
3. Enter an 8-digit numeric-only PIN and confirm.
4. Tap Next.
5. Under Authentication Certificate, tap Import Certificate…
6. The document picker displays. Tap Browse.
7. Under Locations, select Purebred Key Chain.
8. Select the desired authentication certificate from the list.
9. Tap Import Key.
10. Repeat steps 5–9 for the Digital Signature Certificate and the Encryption Certificate, if desired.
11. Tap Save.
You can import up to three certificates for your virtual smart card. The authentication certificate is
required for the virtual smart card to work properly. The encryption certificate and digital signature
certificate can be added for use inside of a VDA session.
Note:
When connecting to an HDX session, the created virtual smart card is redirected into the session.
Known limitations
• Users can only have one active card at a time.
• Once a virtual smart card is created, it cannot be edited. To make changes to the virtual smart
card, users must delete the card and create a new card.
• A PIN can be invalid up to 10 times. Aer the tenth attempt, the virtual smart card gets deleted.
• When derived credentials are selected, the virtual smart card that was created earlier overrides
a physical smart card when a smart card is needed in a session.
Copied!
Failed!
Secure
June 19, 2020
To secure the communication between your server farm and Citrix Workspace app for iOS, you can
integrate your connections to the server farm with a range of security technologies, including Citrix
Gateway.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 47
Citrix Workspace app for iOS
Note:
Citrix recommends using Citrix Gateway to secure communications between StoreFront servers
and users’ devices.
• A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy
server). You can use proxy servers to limit access to and from your network and to handle con-
nections between Citrix Workspace app for iOS and servers. Citrix Workspace app for iOS sup-
ports SOCKS and secure proxy protocols.
• Secure Web Gateway. You can use Secure Web Gateway with Web Interface to provide a sin-
gle, secure, encrypted point of access through the Internet to servers on internal corporate net-
works.
• SSL Relay solutions with Transport Layer Security (TLS) protocols.
• A firewall. Network firewalls can allow or block packets based on the destination address and
port. If you are using Citrix Workspace app for iOS through a network firewall that maps the
server’s internal network IP address to an external Internet address (that is, network address
translation, or NAT), configure the external address.
Citrix Gateway
To enable remote users to connect to your Citrix Endpoint Management deployment through Citrix
Gateway, you can configure certificates to work with StoreFront. The method for enabling access de-
pends on the edition of Citrix Endpoint Management in your deployment.
If you deploy Citrix Endpoint Management in your network, allow connections from internal or remote
users to StoreFront through Citrix Gateway by integrating Citrix Gateway with StoreFront. This deploy-
ment allows users to connect to StoreFront to access published applications from XenApp and virtual
desktops from XenDesktop. Users connect through Citrix Workspace app for iOS.
Secure Web Gateway
This topic applies only to deployments using the Web Interface.
You can use the Secure Web Gateway in either Normal mode or Relay mode to provide a secure chan-
nel for communication between Citrix Workspace app for iOS and the server. No configuration of Citrix
Workspace app for iOS is required if you are using the Secure Web Gateway in Normal mode and users
are connecting through the Web Interface.
Citrix Workspace app for iOS uses settings that are configured remotely on the Web Interface server
to connect to servers running the Secure Web Gateway.
If the Secure Web Gateway Proxy is installed on a server in the secure network, you can use the Se-
cure Web Gateway Proxy in Relay mode. If you are using Relay mode, the Secure Web Gateway server
© 1999-2020 Citrix Systems, Inc. All rights reserved. 48
Citrix Workspace app for iOS
functions as a proxy and you must configure Citrix Workspace app for iOS to use:
• The fully qualified domain name (FQDN) of the Secure Web Gateway server.
• The port number of the Secure Web Gateway server. Note that Relay mode is not supported by
Secure Web Gateway Version 2.0.
The FQDN must list, in sequence, the following three components:
• Host name
• Intermediate domain
• Top-level domain
For example, my_computer.example.com is a FQDN, because it lists, in sequence, a host name
(my_computer), an intermediate domain (example), and a top-level domain (com). The combination
of intermediate and top-level domain (example. com) is generally referred to as the domain name.
Proxy server
Proxy servers are used to limit access to and from your network, and to handle connections between
Citrix Workspace app for iOS and servers. Citrix Workspace app for iOS supports both SOCKS and
secure proxy protocols.
When communicating with the Citrix Virtual Apps and Desktops server, Citrix Workspace app for iOS
uses proxy server settings that are configured remotely on the Web Interface server.
When communicating with the Web server, Citrix Workspace app for iOS uses the proxy server settings
that are configured for the default web browser on the user device. You must configure the proxy
server settings for the default web browser on the user device accordingly.
Firewall
Network firewalls can allow or block packets based on the destination address and port. If you are us-
ing a firewall in your deployment, Citrix Workspace app for iOS must be able to communicate through
the firewall with both the web server and Citrix server. The firewall must permit HTTP traic (oen
over the standard HTTP port 80 or 443 if a secure Web server is in use) for user device to Web server
communication. For Citrix server communication, the firewall must permit inbound ICA traic on
ports 1494 and 2598.
If the firewall is configured for Network Address Translation (NAT), you can use Web Interface to define
mappings from internal addresses to external addresses and ports. For example, if your Citrix Virtual
Apps and Desktops server is not configured with an alternate address, you can configure Web Interface
to provide an alternate address to Citrix Workspace app for iOS. Citrix Workspace app for iOS then
connects to the server using the external address and port number.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 49
Citrix Workspace app for iOS
TLS
Citrix Workspace app for iOS supports TLS 1.0, 1.1 and 1.2 with the following cipher suites for TLS con-
nections to XenApp/XenDesktop:
• TLS_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_RC4_128_MD5
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
Note:
Citrix Workspace app for iOS running on iOS 9 and later does not support the following TLScipher
suites:
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_RC4_128_MD5
Transport Layer Security (TLS) is the latest, standardized version of the TLS protocol. The Internet
Engineering Taskforce (IETF) renamed it TLS when it took over responsibility for the development of
TLS as an open standard.
TLS secures data communications by providing server authentication, encryption of the data stream,
and message integrity checks. Some organizations, including U.S. government organizations, require
the use of TLS to secure data communications. These organizations may also require the use of val-
idated cryptography, such as Federal Information Processing Standard (FIPS) 140. FIPS 140 is a stan-
dard for cryptography.
Citrix Workspace app for iOS supports RSA keys of 1024, 2048, and 3072-bit lengths. Root certificates
with RSA keys of 4096-bit length are also supported.
Note:
Citrix Workspace app for iOS uses platform (iOS) crypto for connections between Citrix
Workspace app for iOS and StoreFront.
Configure and enable TLS
There are two main steps involved in setting up TLS:
1. Set up SSL Relay on your Citrix Virtual Apps and Desktops server and your Web Interface server
and obtain and install the necessary server certificate.
2. Install the equivalent root certificate on the user device.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 50
Citrix Workspace app for iOS
Install root certificates on user devices
To use TLS to secure communications between TLS-enabled Citrix Workspace app for iOS and Citrix
Virtual Apps and Desktops, you need a root certificate on the user device that can verify the signature
of the Certificate Authority on the server certificate.
iOS comes with about 100 commercial root certificates preinstalled, but if you want to use a dierent
certificate, you can obtain one from the Certificate Authority and install it on each user device.
Depending on your organization’s policies and procedures, you may want to install the root certificate
on each user device instead of directing users to install it. The easiest and safest way is to add root
certificates to the iOS keychain.
To add a root certificate to the keychain
1. Send yourself an email with the certificate file.
2. Open the certificate file on the device. This automatically starts the Keychain Access applica-
tion.
3. Follow the prompts to add the certificate.
4. Starting with iOS 10, verify that the certificate is trusted by going to iOS Settings > About > Certifi-
cate Trust Setting. Under Certificate Trust Settings, see the section “ENABLE FULL TRUST FOR
ROOT CERTIFICATES.” Make sure that your certificate has been selected for full trust.
The root certificate is installed and can be used by TLS-enabled clients and by any other application
using TLS.
XenApp Services site
To configure the XenApp Services site:
Important:
• Citrix Secure Gateway 3.x is supported by Citrix Workspace app for iOS using XenApp Ser-
vices sites.
• Citrix Secure Gateway 3.x is supported by Citrix Workspace app for iOS using Citrix Virtual
Apps Web sites.
• Only single-factor authentication is supported on XenApp Services sites, and both single-
factor and dual factor are supported on Citrix Virtual Apps Web sites.
• You must use Web Interface 5.4, which is supported by all built-in browsers.
Before beginning this configuration, install and configure Citrix Gateway to work with Web Interface.
You can adapt these instructions to fit your specific environment.
If you are using a Citrix Secure Gateway connection, do not configure Citrix Gateway settings on Citrix
Workspace app for iOS.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 51
Citrix Workspace app for iOS
Citrix Workspace app for iOS uses a XenApp Services site to get information about the applications a
user has rights to and presents them to Citrix Workspace app for iOS running on the device. This is
similar to the way you use the Web Interface for traditional SSL-based Citrix Virtual Apps connections
for which a Citrix Gateway can be configured. XenApp Services sites running on the Web Interface 5.x
have this configuration ability built in.
Configure the XenApp Services site to support connections from a Citrix Secure Gateway connection:
1. In the XenApp Services site, select Manage secure client access > Edit secure client access set-
tings.
2. Change the Access Method to Gateway Direct.
3. Enter the FQDN of the Secure Web Gateway.
4. Enter the Secure Ticket Authority (STA) information.
Note:
For the Citrix Secure Gateway, Citrix recommends using the Citrix default path for this site (//X-
enAppServerName/Citrix/PNAgent). The default path enables your users to specify the FQDN of
the Secure Web Gateway they are connecting to instead of the full path to the config.xml file that
resides on the XenApp Services site (such as //XenAppServerName/CustomPath/config.xml).
To configure the Citrix Secure Gateway
1. On the Citrix Secure Gateway, use the Citrix Secure Gateway Configuration wizard to configure
the Citrix Secure Gateway to work with the server in the secure network hosting the XenApp Ser-
vice site. Aer selecting the Indirect option, enter the FQDN path of your Secure Web Gateway
Server and continue the wizard steps.
2. Test a connection from a user device to verify that the Secure Web Gateway is configured cor-
rectly for networking and certificate allocation.
To configure the mobile device
1. When adding a Citrix Secure Gateway account, enter the matching FQDN of your Citrix Secure
Gateway server in the Address field:
• If you created the XenApp Services site using the default path (/Citrix/PNAgent), enter the
Secure Web Gateway FQDN: FQDNofSecureGateway.companyName.com
• If you customized the path of the XenApp Services site, enter the full path of the config.xml
file, such as: FQDNofSecureGateway.companyName.com/CustomPath/config.xml
2. If you are manually configuring the account, then turn o the Citrix Gateway option New Ac-
count dialog.
Copied!
Failed!
© 1999-2020 Citrix Systems, Inc. All rights reserved. 52
Citrix Workspace app for iOS
Troubleshoot
June 19, 2020
Disconnected sessions
Users can disconnect (but not log o) from a Citrix Workspace app for iOS session in the following
ways:
• While viewing a published app or desktop in session:
– tap the arrow at the top of the screen to expose the in-session drop down menu.
– tap the Home button to return to the launch pad.
– notice the white shadow under the icon of one of the published apps that are still in an
active session; tap the icon.
– tap disconnect.
• Close Citrix Workspace app for iOS:
– double tap the device’s Home button.
– locate Citrix Workspace app for iOS in the iOS app switcher view.
– tap disconnect in the dialog that appears.
• Pressing the home button on their mobile device.
• Tapping Home or Switch in the app’s drop-down menu.
The session remains in a disconnected state. Although the user can reconnect at a later time, you can
ensure disconnected sessions are rendered inactive aer a specific interval. To do this, configure a
session timeout for the ICA-tcp connection in Remote Desktop Session Host Configuration (formerly
known as “Terminal Services Configuration”). For more information about configuring Remote Desk-
top Services (formerly known as “Terminal Services”), refer to the Microso Windows Server product
documentation.
Expired passwords
Citrix Workspace app for iOS supports the ability for users to changetheir expiredpasswords. Prompts
appear for users to enter the required information.
Jailbroken devices
Your users can compromise the security of your deployment by connecting with jailbroken iOS de-
vices. Jailbroken devices are those whose owners have modified them, usually with the eect of by-
passing certain security protections.
© 1999-2020 Citrix Systems, Inc. All rights reserved. 53
Citrix Workspace app for iOS
When Citrix Workspace app for iOS detects a jailbroken iOS device, Citrix Workspace app for iOS dis-
plays an alert to the user. To further help to secure your environment, you can configure StoreFront
or Web Interface to help to prevent detected jailbroken devices from running apps.
Requirements
• Citrix Receiver for iOS 6.1 or later
• StoreFront 3.0 or Web Interface 5.4 or later
• Access to StoreFront or Web Interface through an administrator account
To help to prevent detected jailbroken devices from running apps
1. Log onto your StoreFront or Web Interface server as a user who has administrator privileges.
2. Find the file default.ica, which is in one of the following locations:
• C:\inetpub\wwwroot\Citrix\storename\conf (Microso Internet Information Services)
• C:\inetpub\wwwroot\Citrix\storename\App_Data (Microso Internet Information
Services)
• ./usr/local/tomcat/webapps/Citrix/XenApp/WEB-INF (Apache Tomcat)
3. Under the section [Application], add the following: AllowJailBrokenDevices=OFF
4. Save the file and restart your StoreFront or Web Interface server.
Aer you restart the StoreFront server, users who see the alert about jailbroken devices cannot launch
apps from your StoreFront or Web Interface server.
To allow detected jailbroken devices to run apps
If you do not set AllowJailBrokenDevices, the default is to display the alert to users of jailbroken de-
vices but still allow them to launch applications.
If you want to specifically allow your users to run applications on jailbroken devices:
1. Log onto your StoreFront or Web Interface server as a user who has administrator privileges.
2. Find the file default.ica, which is in one of the following locations:
• C:\inetpub\wwwroot\Citrix\
storename
\conf
(Microso Internet Information Services)
• C:\inetpub\wwwroot\Citrix\storename\App_Data (Microso Internet Information
Services)
• ./usr/local/tomcat/webapps/Citrix/XenApp/WEB-INF (Apache Tomcat)
3. Under the section [Application] add the following: AllowJailBrokenDevices=ON
© 1999-2020 Citrix Systems, Inc. All rights reserved. 54
Citrix Workspace app for iOS
4. Save the file and restart your StoreFront or Web Interface server.
When you set AllowJailBrokenDevices to ON, your users see the alert about using a jailbroken device,
but they can run applications through StoreFront or Web Interface.
Loss of HDX audio quality
From Citrix Virtual Apps and Desktops, HDX audio to Citrix Workspace app for iOS might lose quality
when using audio and video simultaneously. This issue occurs when the Citrix Virtual Apps and Desk-
tops HDX policies cannot handle the amount of audio data with the video data. For suggestions about
how to create policies to improve audio quality, see Knowledge Center article CTX123543.
Numeric keys and special characters
If numeric keys or Chinese IME characters do not work properly, disable the Unicode Keyboard option.
To do so, go to Settings > Keyboard Options > and set Use Unicode Keyboard to O.
Slow connections
If you experience slow connections to the XenApp Services site, or issues such as missing application
icons or “Protocol Driver Error” messages, as a workaround, on the Citrix Virtual Apps server and Citrix
Secure Web Gateway or Web Interface server, disable the following Citrix PV Ethernet Adapter Proper-
ties for the network interface (all enabled by default):
• Large Send Oload
• Oload IP Checksum
• Oload TCP Checksum
• Oload UDP Checksum
No server restart is needed. This workaround applies to Windows Server 2003 and 2008 32-bit. Win-
dows Server 2008 R2 is not aected by this issue.
Copied!
Failed!
© 1999-2020 Citrix Systems, Inc. All rights reserved. 55
Locations
Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309, United States
Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054, United States
© 2020 Citrix Systems, Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of
Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Oice
and in other countries. All other marks are the property of their respective owner(s).
Citrix Product Documentation | docs.citrix.com July 13, 2020
