Citrix Workspace app has deferred support for Next Token Mode because of a third-party dependency. We will update this description as information about the supportability become available.

If you configure the Citrix Gateway for RSA SecurID authentication, the Citrix Workspace app for Android supports Next Token Mode.

With this feature enabled, if a user enters three (by default) incorrect passwords, the Citrix Gateway plug-in prompts the user to wait until the next token is active before logging on. The RSA server can be configured to disable a user’s account if a user logs on too many times with an incorrect password.

For more information, see Authentication and Authorization section in the Citrix Gateway documentation.


RSA SecurID authentication is not supported on Citrix Secure Web Gateway configurations. To use RSA SecurID, use Citrix Gateway.

Installing RSA SecurID Software Tokens

An RSA SecurID Software Authenticator file has an .sdtid file name extension. Use the RSA SecurID Software Token Converter to convert the .sdtid file to an XML-format 81-digit numeric string. Obtain the latest software and information from the RSA website.

Follow these general steps:

  1. On a computer (not a mobile device), download the converter tool here. Follow the instructions on the website and in the readme included with the converter tool.
  2. Paste the converted numeric string into an email and send it to user devices.
  3. On the mobile device, make sure that the date and time are correct, which is required for authentication to occur.
  4. On the device, open the email and click the string to start the software token import process.

After the software token is installed on the device, a new option appears in the Settings list to manage the token.


On mobile devices that do not associate the .sdtid file with Citrix Workspace app for Android, change the file name extension to .xml and import it.

Save passwords

Using the Citrix Web Interface Management console, you can configure the authentication method to allow users to save their passwords. When you configure the user account, the encrypted password is saved until the first time the user connects.

  • If you enable password saving, Citrix Workspace app stores the password on the device for future logons and does not prompt for passwords when users connect to applications.


    The password is stored only if users enter a password when creating an account. If no password is entered for the account, no password is saved, regardless of the server setting.

  • If you disable password saving (default setting), Citrix Workspace app prompts users to enter passwords every time they connect.


You cannot store the password on StoreFront direct connections.

To override saved passwords

If you configure the server to save passwords, users who prefer to require passwords at logon can override password saving:

  • When creating the account, leave the password field blank.
  • When editing an account, delete the password and save the account.