What’s new

V14.5 (June 01, 2022)

  • Adaptive Authentication service

    Adaptive Authentication is now generally available (GA). For detailed information about Adaptive Authentication, see Adaptive Authentication service.

    [CGS-6510]

V14.2 (April 04, 2022)

  • Rebranding changes

    Citrix Secure Workspace Access service is now rebranded to Citrix Secure Private Access service.

    [ACS-2322]

  • Admin guided workflow for easy onboarding and set up

    Secure Private Access now has a new streamlined admin experience with step-by-step process to configure Zero Trust Network Access to SaaS apps, internal web apps, and TCP apps. It includes configuration of Adaptive Authentication, applications including user subscription, adaptive access policies, and others within a single admin console. For details see, Admin-guided workflow for easy onboarding and set up.

    This feature is now generally available (GA).

    [ACS-1102]

  • Secure Private Access dashboard

    The Secure Private Access dashboard provides admins full visibility into their top apps, top users, connectors health status, bandwidth usage, and in a single place for consumption. This data is fetched from Citrix Analytics. For details, see Secure Private Access dashboard.

    This feature is now generally available (GA).

    [ACS-1169]

  • Direct access to Enterprise web apps

    Customers can now enable Zero Trust Network Access (ZTNA) to internal web apps, directly from native web browsers such as Chrome, Firefox, Safari, and Microsoft Edge. For details, see Direct access to Enterprise web apps.

    This feature is now generally available (GA).

  • ZTNA agent-based access to TCP/HTTPS apps

    Citrix customers can now enable Zero Trust Network Access (ZTNA) to all client-server applications and IP/Port based resources, in addition to internal web apps. For details, see Support for client-server apps.

    This feature is now generally available (GA).

    [ACS-970]

  • Adaptive access and security controls for Enterprise Web, TCP, and SaaS applications

    The Citrix Secure Private Access service adaptive access feature offers a comprehensive Zero Trust Network Access (ZTNA) approach that delivers secure access to the applications. Adaptive access enables admins to provide granular level access to the apps that users can access based on the context. The term “context” here refers to:

    • Users and groups (users and user groups)
    • Devices (desktop or mobile devices)
    • Location (geo-location or network location)
    • Device posture (device posture check)
    • Risk (user risk score)

    For details, see Adaptive access and security controls for Enterprise Web, TCP, and SaaS applications.

    This feature is now generally available (GA).

    [ACS-878, ACS-879, ACS-882]

  • Audit logs for Secure Private Access

    The Citrix Secure Private Access service related events are now captured in the Citrix Cloud > System Log. For details, see Audit logs.

    This feature is now generally available (GA).

    [ACS-876]

  • Diagnostic logs for Enterprise Web and SaaS apps access

    The Citrix Secure Private Access events are now integrated with Citrix Analytics. Citrix Analytics provides a public endpoint that enables admins to access and download the events. These events can be accessed through a PowerShell script. For details, see Diagnostic logs for Enterprise Web and SaaS apps access.

    This feature is now generally available (GA).

    [ACS-805]

  • Adaptive authentication service

    Citrix Cloud customers can now use Citrix Workspace to provide adaptive authentication to Citrix Virtual Apps and Desktops. Adaptive authentication is a Citrix Cloud service that enables advanced authentication for customers and users logging in to Citrix Workspace. Adaptive Authentication service is a Citrix managed and Citrix Cloud hosted ADC. For details, see Adaptive authentication service.

    This feature is in preview.

    [CGS-6510]

V13.4 (February 16, 2022)

  • Support for client-server apps With the support for client-server applications within Citrix Secure Private Access, you can now eliminate the dependency on a traditional VPN solution to provide access to all private apps for remote users.

    For details, see Support for client-server apps - Preview

    [ACS-870]

V12.1 (October 11, 2021)

  • Merger of Citrix Gateway service tile into a single Secure Private Access in Citrix Cloud

    The Citrix Gateway service tile is now merged into a single Secure Private Access in Citrix Cloud.

    • All Secure Private Access customers, including Citrix Workspace Essentials and Citrix Workspace Standard, can now use one single Secure Private Access tile for configuring SaaS and Enterprise web apps, enhanced security controls, contextual policies, in addition to web filtering policies.
    • All Citrix DaaS customers can still enable the Citrix Gateway service as the HDX proxy from Workspace Configuration. However, the shortcut to enable Citrix Gateway service from the gateway service tile is removed. You can enable the Citrix Gateway service from Workspace configuration > Access > External Connectivity. For details, see External connectivity. There is no change in the functionality, otherwise.

    [NGSWS-16761]

V11.4 (July 30, 2021)

  • Contextual access and security controls for the Enterprise Web and SaaS apps based on user’s geographic location

    The Citrix Secure Private Access service now supports contextual access to the Enterprise Web and SaaS apps based on the user’s geographic location.

    [ACS-833]

  • Option to hide a specific Web or a SaaS app from Citrix Workspace portal

    Admins can now hide a specific Web or SaaS app from the Citrix Workspace portal. When an app is hidden from the Citrix Workspace portal, the Citrix Gateway service does not return this app during enumeration. However, users can still access the hidden app.

    [ACS-944]

V10.5 (June 09, 2021)

  • Route table to define the rules to route the app traffic

    Admins can now use the route table to define the rules to route the app traffic directly to the internet or through the Citrix Gateway Connector. The admins can define the route type for the apps as External, Internal, Internal-Bypass Proxy, or External via Gateway Connector depending on how they want to define the traffic flow.

    [ACS-243]

V10.4 (May 22, 2021)

  • Contextual access to Enterprise Web and SaaS applications

    The Citrix Secure Private Access service contextual access feature offers a comprehensive zero-trust access approach that delivers secure access to the applications. Contextual access enables admins to provide granular level access to the apps that users can access based on the context. The term “context” here refers to users, user groups, and the platform (mobile device or a desktop computer) from which the user is accessing the application.

    [ACS-222]

  • Rebranding of Citrix Gateway Connector user interface

    The Citrix Cloud Gateway Connector user interface is rebranded as per the Citrix branding guidelines.

    [NGSWS-17100]

V10.2 (May 01, 2021)

  • Deletion of customer data from the Citrix Secure Private Access service datastore

    Customer data, including backups, is deleted from the Citrix Secure Private Access service datastore after 90 days of service entitlement expiry.

    [ACS-388]

  • Simplified steps to federate a domain from Azure AD to Citrix Workspace

    The steps to federate a domain from Azure AD to Citrix Workspace app is now simplified for faster onboarding in Citrix Workspace. Domain federation can now be performed in the Citrix Gateway service user interface, from the Single sign on page.

    [ACS-351]

  • Enhancement to the Connectivity Test tool

    The Connectivity Test tool in the Citrix Gateway Connector is enhanced to handle timeout errors and to generate the necessary logs.

    [NGSWS-17212]

V9.6 (March 15, 2021)

  • Platform enhancements

    Various platform enhancements are made to increase reliability in propagating customer’s admin configurations to the Citrix Gateway Connectors.

    [ACS-85]

  • Improved web apps performance

    The web apps performance when the web applications are accessed from the system browser using clientless VPN has been improved.

    [NGSWS-16469]

  • Enabling Citrix Gateway Connector to use TLS1.2 Grade A or above cipher suites

    The Citrix Gateway Connector now uses TLS1.2 with Grade A or above cipher suites to connect to Citrix Cloud service and other back end servers.

    [NGSWS-16068]

V8.4 (November 11, 2020)

  • Renaming of Citrix Access Control service

    The Access Control service is now renamed as Secure Private Access.

    [NGSWS-14934]

V8.2 (October 15, 2020)

  • Enhanced security option to launch SaaS and Enterprise Web apps within Secure Browser service

    Admins can now use the enhanced security option, Select Launch application always in Citrix Secure Browser service to always launch an application in the Secure Browser service regardless of other enhanced security settings.

    [ACS-123]

V7.6 (October 8, 2020)

  • Configure session timeouts for the Citrix Secure Private Access browser extension

    Admins can now configure session timeouts for the Citrix Secure Private Access browser extension. Admins can configure this setting from the Manage tab in the Citrix Gateway service user interface.

    [NGSWS-13754]

  • RBAC control on Citrix Secure Private Access browser extension admin settings

    RBAC control is now enforced on Citrix Secure Private Access browser extension admin settings.

    [NGSWS-14427]

V7.5 (September 24, 2020)

  • Enable VPN-less access to Enterprise Web apps through a local browser

    You can now use the Citrix Secure Private Access browser extension to enable VPN-less access to Enterprise Web apps through a local browser. The Citrix Secure Private Access browser extension is supported on both Google Chrome and Microsoft Edge browsers.

    [ACS-286]

V7.1 (July 7, 2020)

  • Validate Kerberos configuration on Citrix Gateway Connector

    You can now use the Test button in the Single sign on section to validate the Kerberos configuration.

    [NGSWS-8581]

V6.6 (June 19, 2020)

  • Read-only access to admins of the Citrix Gateway service and Citrix Secure Private Access service

    Security admin teams using the Citrix Gateway service can now provide granular controls, such as read-only access to admins of the Citrix Gateway service and Citrix Secure Private Access service.

    • Admins with read-only access to the Citrix Gateway service have access to only view the app details.
    • Admins with read-only access to the Citrix Secure Private Access service can only view the content access settings.

    [ACS-205]

V6.3 (May 8, 2020)

  • New troubleshooting tools in Citrix Gateway Connector 13.0

    • Network tracing: You can now use the Trace feature to troubleshoot Citrix Gateway Connector registration issues. You can download the trace files and share it with the administrators for troubleshooting. For details, see Troubleshoot Citrix Gateway Connector registration issues.

      [NGSWS-10799]

    • Connectivity tests: You can now use the Connectivity Test feature to confirm that there are no errors in the Gateway Connector configuration and the Gateway Connector is able to connect to the URLs. For details, see Log on and set up the Citrix Gateway Connector.

      [NGSWS-8580]

V2019.04.02

  • Kerberos authentication support for Citrix Gateway Connector to outbound proxy [NGSWS-6410]

    Kerberos authentication is now supported for the traffic from Citrix Gateway Connector to the outbound proxy. Gateway Connector uses the configured proxy credentials to authenticate to the outbound proxy.

V2019.04.01

  • Web/SaaS apps traffic can now be routed via a corporate-network-hosted Gateway-Connector thus avoiding two factor authentication. If a customer has published a SaaS app that is hosted outside the corporate network, support is now added to authenticate traffic for that app to go through an on-premises Gateway Connector.

    For example, consider that a customer has an Okta protected SaaS app (like Workday). The customer might want that even though the actual Workday data traffic is not routed via the Citrix Gateway service, the authentication traffic to the Okta server is routed through the Citrix Gateway service via an on-premises Gateway Connector. This helps a customer to avoid a second factor authentication from the Okta server as the user is connecting to the Okta server from within the corporate network.

    [NGSWS-6445]

  • Disabling Filtering Website Lists and Website Categorization. Filtering Website Lists and Website Categorization can be disabled if the admin chooses not to apply these functionalities for a specific customer.

    [NGSWS-6532]

  • Automatic geo routing for secure browser service redirects. Automatic geo routing is now enabled for secure browser service redirects.

    [ NGSWS-6926]

V2019.03.01

  • “Detect” button is added in the “Add a Gateway Connector” page. The Detect button is used to refresh the list of connectors, allowing the newly added connector to reflect in the Web app connectivity section.

    [CGOP-6358]

  • A new category “Malicious and Dangerous” is added in the “Access Control Web Filtering” categories. A new category named Malicious and Dangerous in the Access Control Web Filtering categories is added under the Malware and Spam group.

    [CGOP-6205]