Citrix Secure Private Access

Secure Private Access for on-premises

As a Citrix StoreFront and NetScaler Gateway customers, you can now access the Web and SaaS apps seamlessly along with Citrix Virtual Apps and virtual desktops using the Citrix Secure Private Access solution for on-premises deployments.

The solution enables you to adopt the Zero Trust Network Access (ZTNA) solutions in a phased manner. You can also route and control data traffic through your own WAN or private links or both, and also retain part of your deployments on-premises.

In addition, the Secure Private Access solution for on-premises provides the following benefits:

  • No changes required to the existing architecture or deployments to use this solution.
  • Enables single sign-on to the apps and reduces the dependency on the traditional VPNs.
  • Enables use of Citrix Enterprise Browser that provides enhanced security controls for applications.
  • Enable contextual security controls based on the context (user group, device, network location)

Supported product versions

Ensure that your products meet the minimal version requirements.

  • Citrix Workspace app
    • Windows – 2303 and later
    • macOS – 2304 and later
  • Citrix Virtual Apps and Desktops – Supported LTSR and current versions
  • StoreFront – LTSR 2203 or non-LTSR 2212 and later
  • NetScaler Gateway – 12.1 and later


The Secure Private Access for on-premises solution configuration is a four-step process.

  1. Publish the apps
  2. Publish the policies for the apps
  3. Enable routing of traffic through NetScaler Gateway
  4. Configure authorization policies


Refer to the following documentation for additional details.

Secure Private Access for on-premises