Product Documentation

Configuration for Citrix Files

Citrix Files desktop applications authentication in Workspace

Citrix Files integrates with the authentication system used by Citrix Workspace app to provide a single sign-on experience to both Citrix Files and the Citrix Workspace app.

Users first log on through Citrix Workspace and upon next start of Citrix Files are automatically signed in using their Workspace account. Similarly, users can first sign on to Citrix Files, which automatically logs them into Citrix Workspace.

When any compatible application triggers a logoff operation, all applications that use the Workspace logon are signed off.


  • Citrix Workspace app for Windows or Mac (must be configured to Workspace Store URL)
  • Citrix Files for Windows or Mac, or Citrix Files for Outlook
  • Citrix Workspace account with a Citrix Content Collaboration entitlement


  1. Configure the Citrix Workspace app using a Workspace Store URL. The Store must contain a Citrix Content Collaboration entitlement.
  2. When prompted for authentication, log on using your Workspace credentials.
  3. Start Citrix Files. You are automatically signed on.



Any of the Workspace-compatible desktop application can issue a logoff.

To log off from Citrix Workspace app, right-click the Citrix Workspace app icon in the notification area and select Log off. This action also logs off Citrix Files, if running.


To log off from the Citrix Files app, right-click the notification area icon and select Settings. Choose Log Out to log off. This action also forces a logoff of Citrix Workspace app.


Known limitations

  • If the Store URL is not configured, or if the Store does not contain a Citrix Content Collaboration account, the Citrix Files client does not attempt Workspace authentication. Instead, it uses ShareFile authentication.
  • Citrix Files supports single sign-on only by using the primary store URL configured in Citrix Workspace app.

Authentication to network share and SharePoint connectors

Citrix Files users can access their existing data repositories such as network shares and SharePoint by creating and accessing connectors.


For information on creating and managing connectors for your account, see Create and manage StorageZone Connectors.


This configuration applies only to Citrix Files for Windows and Citrix Files for Mac.

Manual user logon to connectors

When browsing to a network share or SharePoint connector, you must first log on (unless you are using single sign-on. To log on, right-click the connector name and choose Sign in from the Windows or macOS context menu.

After you select Sign in, you are presented with a login dialog. Enter your domain user name and password. After logging on, you can browse your connector folders.

Single sign-on to connectors using NTLM or Kerberos Authentication

Active Directory domain-joined endpoints can authenticate to a network share or SharePoint connector using single sign-on, allowing you to seamlessly access browse your connector folders. You must sign into your AD-joined desktop or virtual application using domain credentials. No additional configuration is required on the Citrix Files client. For more information on configuring the StorageZone Connectors for single sign-on, see Knowledge Center article CTX218472.

Single sign-on to connectors using Citrix Workspace app

When logged on to Citrix Workspace app, you are automatically signed into the connector without the need to provide credentials again. The use of single sign-on to connect to network shares or SharePoint connectors using Workspace authentication requires StorageZones Controller version 5.4.1 or later.

In addition to installing Citrix Files for Windows or Mac, Citrix Workspace app must be installed on the endpoint and configured for the Citrix Workspace account.

Single sign-on to connectors using VDA authentication

When accessing connectors inside a VDA session through Citrix Workspace, users will be automatically signed into the connector without a need to provide credentials. In order to use single sign-on to network shares or SharePoint connectors using Workspace authentication inside a VDA environment, StorageZone Controller 5.4.1 or later is required.