Authenticate
Smart cards
Citrix Workspace app for Android supports authentication through Citrix Gateway using the following methods, depending on your edition:
- No authentication (Standard and Enterprise versions only)
- Domain authentication
- SMS Passcode (one-time PIN) authentication
- Smart card authentication
Citrix Workspace app for Android now supports the following products and configurations.
Smart card readers:
- BaiMobile 3000MP USB Smart Card Reader
Smart cards:
- PIV cards
- Common Access Cards
Configurations:
- Smart card authentication to Citrix Gateway with StoreFront 2 or 3 and Citrix Virtual Apps and Desktops 7.x and later.
Note:
- Other token‑based authentication solutions can be configured using RADIUS. For SafeWord token authentication, see Configuring SafeWord Authentication.
How to use smart cards
Prerequisite
- Install C4E app from play store to use smart cards. Contact email address: android@citrix.com for licenses.
To use smart cards to access apps:
-
If you want to configure Citrix Workspace app automatically to access apps when you create an account, in the Address field, enter the valid URL of your store. For example:
- .organization.com
- netscalervserver.organization.com
-
Insert the smart card along with the supported reader to your Android device. The Citrix Workspace app automatically detects the smart card.
-
Select the Use Smartcard option to authenticate.
Note:
- Your access to the store stays valid for approximately one hour. After that time, you must sign in to refresh your access or start other apps.
Support for FIDO2-based authentication
Starting with the 23.8.0 version, Citrix Workspace app for Android now supports password-less authentication within a Citrix Virtual Apps and Desktops session using FIDO2-based authentication methods.
This feature allows users to sign in to a WebAuthn-supported website in browsers. For example, Google Chrome or Microsoft Edge using FIDO2-supported platform authenticators such as fingerprint, and device PIN. Simply opening a WebAuthn-supported website triggers password-less authentication.
Signing in to the Citrix Workspace app or desktop session using password-less authentication isn’t supported on FIDO 2.
Note:
Roaming authenticators such as YubiKey, or Smart Card aren’t supported in Citrix Workspace app for Android.
For more information about the prerequisites for this feature, see Local authorization and virtual authentication using FIDO2 in the Citrix Virtual Apps and Desktops documentation.
Inactivity timeout for Citrix Workspace app sessions
The administrator can specify the amount of idle time that is allowed. After the time-out value, an authentication prompt appears.
For more information, see Inactivity timeout for Citrix Workspace app sessions.
Support for biometric authentication after inactivity
After the inactivity timer expires, the end user is asked to authenticate themselves using biometric features such as facial recognition and fingerprint scanning.
The most robust form of biometric authentication available to the end user depends on the OEM of their device, and they are prompted accordingly.