Product documentation
Citrix Virtual Apps and Desktops
Service Current Release 2311 2308 2305 2303 2212 2209 2206 2203 LTSR 1912 LTSR
View PDF

FIDO2 and WebAuthn authentication

June 13, 2023
Contributed by: 
C L

Local authorization and virtual authentication using FIDO2 and WebAuthn

Users can authenticate to applications that leverage FIDO2 or WebAuthn in their virtual session using FIDO2 security keys and integrated biometrics devices with TPM 2.0 and Windows Hello.

For more information about FIDO2, see FIDO2: WebAuthn & CTAP.

For information about using this feature, see FIDO2 redirection.

NOTE

Please note that this feature does not support logging into the virtual session using WebAuthn or FIDO2. This feature only allows using these authentication methods in applications within the virtual session.

This feature is not supported in double-hop scenarios.

Supportability matrix

Session host operating system Web application authentication UWP application authentication
Windows Server 2016 Supported via USB redirection Not supported
Windows Server 2019 Supported Not supported
Windows Server 2022 Supported Supported
Windows 10 Supported Supported
Windows 11 Supported Supported

For additional information, please review the requirements below.

Web application authentication

Requirements

The following are the requirements for using FIDO2 and WebAuthn authentication with web applications:

Citrix control plane

  • Citrix Virtual Apps and Desktops 2009 or later

Session host

  • Operating system
    • Windows 10 1809 or later
    • Windows Server 2019 or later
  • VDA
    • Windows: version 2009 or later

Client device

  • Operating system
    • Windows 10 1809 or later
    • Linux: Please refer to the Workspace app for Linux system requirements
  • Workspace app
    • Windows: version 2009.1 or later
    • Linux: 2303 or later

Web browser requirements

  • 64-bit browsers only

Authentication methods supported

  • FIDO2 Security Key
  • Windows Hello
    • TPM 2.0
    • Integrated biometrics
      • Facial recognition
      • Fingerprint scanner
    • WebAuthn

UWP application authentication

With the release of Citrix Virtual Apps and Desktops 2112, Citrix supports WebAuthn and FIDO2 authentication in UWP applications.

Applications such as Microsoft Teams, Microsoft Outlook for Office 365 and OneDrive use a UWP application for authentication as a link to Azure Active Directory. Citrix now supports using FIDO2 to authenticate those applications.

Requirements

The following are the requirements for using FIDO2 and WebAuthn authentication with UWP applications:

Citrix control plane

  • Citrix Virtual Apps and Desktops 2112 or later

Session host

  • Operating system
    • Windows 10 1809 or later
    • Windows Server 2022 or later
  • VDA
    • Windows: version 2112 or later

Client device

  • Operating system
    • Windows 10 1809 or later
    • Linux: Please refer to the Workspace app for Linux system requirements
  • Workspace app
    • Windows: version 2009.1 or later
    • Linux: 2303 or later

Authentication methods supported

  • FIDO2 Security Key
  • Windows Hello
    • TPM 2.0
    • Integrated biometrics
      • Facial recognition
      • Fingerprint scanner
    • WebAuthn
FIDO2 and WebAuthn authentication
June 13, 2023
Contributed by: 
C L
June 13, 2023
Contributed by: 
C L

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.