Citrix Workspace app has deferred support for Next Token Mode because of a third-party dependency. More information about the supportability can be expected as it gets available.

With this feature enabled,

  • If you enter three incorrect passwords, the Citrix Gateway plug-in prompts you to wait until the next token is active before sign-in.
  • If you have sign-in too many times with an incorrect password, the RSA server can disable your account.

For more information, see the Authentication and Authorization section in the Citrix Gateway documentation.


Citrix Secure Web Gateway configurations do not support RSA SecurID authentication. To use RSA SecurID, use Citrix Gateway.

Installing RSA SecurID Software Tokens

An RSA SecurID Software Authenticator file has an .sdtid file name extension. Use the RSA SecurID Software Token Converter to convert the .sdtid file to an XML-format 81-digit numeric string. Get the latest software and information from the RSA website.

Follow these general steps:

  1. On a computer (not mobile device), download the converter tool here. Follow the instructions on the website and the readme included with the converter tool.
  2. Paste the converted numeric string into an email and send it to user devices.
  3. On the mobile device, make sure that the date and time are correct, which are required for authentication.
  4. On the device, open the email and click the string to start the software token import process.

After the software token is installed on the device, a new option appears in the Settings list to manage the token.


On mobile devices that do not associate the .sdtid file with Citrix Workspace app, you need to change the file name extension to .xml and then import it.