Product Documentation

Workspace configuration

This article shows administrators how to configure workspaces for subscribers, who might be using one or more services available from Citrix Cloud.

Workspace overview

A workspace is part of a digital workspace solution that enables IT to securely deliver access to apps from any device.

This screenshot is an example of what the workspace experience looks like to your subscribers. This interface is evolving and may look different to what your subscribers are working with today. For example, it might say “StoreFront” at the top of the page instead of “Workspace.”

For an overview of changes to the workspace experience, see What’s new in the workspace experience and look out for Citrix Cloud: What’s New blogs.

Workspace Apps page

Workspace users

The workspace experience is initially available to subscribers of:

  • XenApp Essentials Service. XenApp Essentials offers secure access to virtual Windows apps. This service includes a workspace URL, enabled by default, usually in the format: Follow the steps to set up XenApp Essentials, then test and share the workspace URL link with your subscribers to give them access to their apps.

  • XenDesktop Essentials Service. XenDesktop Essentials offers secure access to Windows 10 virtual desktops. This service includes a workspace URL, enabled by default, usually in the format: Follow the steps to set up XenDesktop Essentials, then test and share the workspace URL link with your subscribers to give them access to their desktops.

  • XenApp and XenDesktop Service. The XenApp and XenDesktop Service offers secure access to virtual apps and desktops. This service includes a workspace URL, enabled by default, usually in the format: Follow the steps to set up the XenApp and XenDesktop Service, then test and share the workspace URL link with your subscribers to give them access to their apps and desktops. Your subscribers can access the workspace URL without any additional configuration.

Important: Workspace Configuration and the new workspace experience are available to all XenApp Essentials Service customers, to all new (from December 2017) XenApp and XenDesktop Service customers, and to new XenDesktop Essentials customers.

Further updates will follow for existing XenApp and XenDesktop Service customers, and for existing XenDesktop Essentials Service customers. Currently, these customers continue to use StoreFront as outlined in the XenApp and XenDesktop Service StoreFront article, and in the XenDesktop Essentials article.

Change access to workspaces

In Citrix Cloud > Workspace Configuration > Access, Workspace is enabled and ready to use.

Workspace Configuration menu option

Note: In XenApp Essentials, Workspace Configuration is available from the Citrix Cloud menu after you create the first catalog.

Access console page

Disable workspace integration for a service

You can disable workspace integration for specific services. This does not disable the workspace URL, however it disables the data and applications for a service.

To disable workspace integration for a service:

  1. Go to Workspace Configuration > Service Integrations.
  2. Select the ellipsis button (…) next to the service, and Disable.

Important: Disabling workspace integration blocks subscriber access for that service. Subscribers will no longer have access to data and applications from that service in Citrix Workspace.

Service Integrations console page

Disable Workspace Access Warning message

Customize the workspace URL

The first part of the workspace URL is customizable. You can change the URL from, for example,, to

Important: The first part of the workspace URL represents the company or organization using the Citrix Cloud account, and must comply with the Citrix End User Services Agreement. Any misuse of a third party’s intellectual property rights including trademarks may result in the revocation and reassignment of the workspace URL and/or the suspension of the Citrix Cloud account.

From the Citrix Cloud menu, go to Workspace Configuration > Access, and select the Change link next to the workspace URL.

Guidance for new URLs:

  • The customizable part of the URL (“newexample”) must be between 6 and 63 characters long. If you want to change the customizable part of the URL to fewer than 6 characters, please open a ticket in Citrix Cloud.
  • Must consist of only letters and numbers.
  • Cannot include Unicode characters.
  • When you rename a URL, the old URL is immediately removed and no longer available.
  • If you change the workspace URL, your subscribers cannot access their workspaces until the new URL is active (takes about 10 minutes). You’ll also need to tell them what the new URL is and manually update all local Citrix Receiver apps to use the new URL.

External connectivity

Provide secure access for your remote subscribers by adding NetScaler Gateways to the resource locations.

You can add NetScaler Gateways from Workspace Configuration > Access > External Connectivity or from Citrix Cloud > Resource Locations.

Workspace external access settings

Note: The External Connectivity part of the Workspace Configuration > Access page is not available in XenApp Essentials. The XenApp Essentials Service uses the NetScaler Gateway Service, which requires no additional configuration.

Change authentication to workspaces

As an administrator, you can choose to have your subscribers (end users) authenticate to their workspaces using either Active Directory or Azure Active Directory.

Step-by-step deployment guide for federated authentication to workspaces using Azure Active Directory: Enable federated authentication using Azure Active Directory


  • Windows Server 2016 VDAs are not currently recommended.
  • If you are using Azure Active Directory (AAD), do not make the registry change described in CTX225819. Making this change may cause session launch failures for AAD users.
  • Switching authentication modes can take up to 5 minutes and causes an outage to your subscribers during that time.
  • Adding a group as a member of another group (nesting) is not supported for federated authentication using Azure Active Directory. If you do assign a nested group to a catalog, members of that group will not be able to access apps from the catalog.
  • To close Citrix Workspace, use the Log Off option from the Settings menu. This completes the log off process from the workspace and Azure AD. If subscribers close the browser instead of using the Log Off option, they may still be signed in to Azure AD.
  • Important: If Citrix Workspace times out in the browser due to inactivity, subscribers are not logged off Azure AD. This is by design, to prevent a Citrix Workspace time out forcing other Azure AD applications to close.

Customize the appearance of workspaces

To customize how subscribers see their workspace, change the settings in Workspace Configuration > Customize > Appearance and Save.

Customize console page

Changes to the workspace appearance take effect right away. Local Citrix Receiver apps may take around five minutes for the updated user interface to display.

Logo Required Dimensions Max. size Supported formats
Sign-in logo 350 x 120 pixels 2 MB JPEG, JPG, or PNG
After sign-in logo 340 x 80 pixels 2MB JPEG, JPG, or PNG

Logos that do not match the required dimensions may appear distorted.

The Sign-in logo appears to the left of the workspace sign-in form. You can replace the Citrix logo with your own. The colors and branding of the rest of the sign-in page are not affected.

Sign in logo page

Changes to the sign-in logo do not impact users who authenticate to their workspace using Azure Active Directory. For more information on how to add company branding to your sign-in page in Azure AD, see the Microsoft documentation.

The After Sign-in logo appears at the top left of the workspace.

The Content Branding colors change the header background, text and icon color, and the highlight color (“Link color”) in the workspace.

After Sign-in Appearance settings

The Link color is used in link text, the expanded card, and the icon color of the settings in card layout.

Expanded card

Expanded card view

Settings icon color

Settings icon color

Customize workspace preferences

Customize how subscribers interact with their workspace in Workspace Configuration > Customize > Preferences.

Allow Favorites

Allow Favorites is available to customers who have access to Workspace Configuration and the new workspace experience.

Preferences Favorites tab

Enabled (default). Workspace subscribers can add favorite apps to their Home page (up to a maximum of 250) by selecting the star icon.

Workspace Home

Disabled. Subscribers can’t select apps as favorites and the Home page is not available.

Note: For some existing customers (new to workspace between December 2017 and April 2018), Allow Favorites defaults to Disabled. The administrator can decide when to enable this feature for their subscribers.

  • If a subscriber adds more than the maximum (250) as a favorite, the “oldest favorite” app will be removed (or as close as possible to preserve the most recent favorites).
  • Administrators can automatically add favorite apps for subscribers by using KEYWORDS: Auto and KEYWORDS: Mandatory. These settings are available in the XenApp and XenDesktop Service in Manage > Full Configuration > Applications.
    • KEYWORDS: Auto. The application is added as a favorite, however subscribers can remove the favorite.
    • KEYWORDS: Mandatory. The application is added as a favorite, however subscribers cannot remove the favorite.

Application Settings Identification

What’s new in the workspace experience

This section gives an overview of the end user workspace experience, including recent changes.

Workspace changes for end-users

Browser support

Access workspace using Internet Explorer 11, Edge, Chrome, or Firefox.

Citrix Receiver support

Access workspace using Citrix Receiver for any of the desktop platforms (Windows, Mac, and Linux). Citrix Receiver for HTML5 and Citrix Receiver for Chrome are also supported.

Unless otherwise stated, we recommend workspace subscribers work with the latest released versions of Citrix Receiver ( For an overview of TLS and SHA2 support with Citrix Receivers, see CTX23226.

Citrix Receiver Active Directory Authentication to Citrix Workspace Azure Active Directory authentication to Citrix Workspace
Citrix Receiver for Windows Yes 4.9 LTSR CU2 and later only; 4.11 CR and later only.
Citrix Receiver for Linux Yes 13.8 or later only
Citrix Receiver for Mac Yes No
Citrix Receiver for iOS Yes (it will work, however the new workspace experience is not yet available). No
Citrix Receiver for Android Yes (it will work, however the new workspace experience is not yet available). 13.13 and later only

Card layout

Apps and desktops in your workspace are represented in a “card” layout. An expanding panel shows more details and actions.

Search everything in your workspace.

Note: Search does not currently return results of partial strings within a single word. For example, searching for 2016 will display Excel 2016 and Word 2016. Searching for 16 will not display either Excel 2016 or Word 2016.


Select the star icon to add an app to Favorites. Favorites display on your Home page. This option is configurable by your administrator, and may not be available.


Access settings from the drop-down menu. The menu contains the user name. The user name comes from the Active Directory display name. If the display name is left blank (we do not recommend this), the domain and account name display.

Select Settings for more options. You can toggle the settings page between a list and card layout.

Workspace Settings console page

  • Activate Citrix Receiver. Downloads a file that adds this workspace to your local Citrix Receiver app.
  • Change Citrix Receiver. Opens a page that checks for a local Citrix Receiver app. Not available in Internet Explorer 11.
  • Download Citrix Receiver. Downloads a Citrix Receiver installation file to your machine. Run the file to install a local Citrix Receiver app for Windows or Mac.

Working with local (native) Citrix Receiver apps

New customers. If you are new to the workspace experience, you’ll get the latest version of the user interface as soon as it is available. You can access the workspace experience from your browser or from a local Citrix Receiver app.

Existing customers. If you have been working with an earlier version of the workspace experience, it can take around five minutes for the updated user interface to display in local Citrix Receiver apps. You may temporarily see an older version of the user interface.

Changes to your service. If you have changed your service subscription, you may need to refresh the local Receiver app manually. In Citrix Receiver for Windows:

  1. From the Windows system tray, right-click the Citrix Receiver icon, and click Advanced Preferences > Reset Receiver.
  2. Open Citrix Receiver for Windows, then select Accounts > Add, and enter the workspace address, for example,

Citrix Receiver Add Account dialog

As an alternative to step 2, you can use a browser to enter the workspace URL and sign in. Then, activate Citrix Receiver from Settings > Account Settings > Activate Citrix Receiver. Activating Citrix Receiver downloads a file with a .CR extension that adds the workspace to your local Citrix Receiver app.