Smart cards

Citrix Workspace app for Android supports authentication through Citrix Gateway using the following methods, depending on your edition:

  • No authentication (Standard and Enterprise versions only)
  • Domain authentication
  • SMS Passcode (one-time PIN) authentication
  • Smart card authentication

Citrix Workspace app for Android now supports the following products and configurations.

Smart card readers:

  • BaiMobile 3000MP USB Smart Card Reader

Smart cards:

  • PIV cards
  • Common Access Cards


Configurations:

  • Smart card authentication to Citrix Gateway with StoreFront 2 or 3 and Citrix Virtual Apps and Desktops 7.x and later.


How to use smart cards


To use smart cards to access apps:

  1. If you want to configure Citrix Workspace app automatically to access apps when you create an account, in the Address field, enter the valid URL of your store. For example:

  2. Insert the smart card, along with the supported reader, into your Android device. The Citrix Workspace app automatically detects the smart card.


  3. Select the Use Smartcard option to authenticate.


  • Your access to the store stays valid for approximately one hour. After that time, you must sign in to refresh your access or start other apps.

Support for FIDO2-based authentication when connecting to HDX session

Starting with version 23.8.0, Citrix Workspace app for Android supports password-less authentication within a Citrix Virtual Apps and Desktops session using FIDO2-based authentication methods.

This feature allows users to sign in to a WebAuthn-supported website in browsers such as Google Chrome or Microsoft Edge, using FIDO2-supported platform authenticators such as fingerprint and device PIN. Simply opening a WebAuthn-supported website triggers password-less authentication.

Signing in to the Citrix Workspace app or desktop session using FIDO2 password-less authentication isn’t supported.


Roaming authenticators, such as YubiKey or Smart Card, aren’t supported in Citrix Workspace app for Android.

For more information about the prerequisites for this feature, see Local authorization and virtual authentication using FIDO2 in the Citrix Virtual Apps and Desktops documentation.

Inactivity timeout for Citrix Workspace app sessions

The administrator can specify the amount of idle time that is allowed. After the time-out value, an authentication prompt appears.

For more information, see Inactivity timeout for Citrix Workspace app sessions.

Support for biometric authentication after inactivity

After the inactivity timer expires, the end user is asked to authenticate themselves using biometric features such as facial recognition and fingerprint scanning.

The most robust form of biometric authentication available to the end user depends on the OEM of their device, and they are prompted accordingly.

Support for authentication using FIDO2 when connecting to a cloud store

Starting with the 24.5.0 version, users can authenticate to Citrix Workspace app using FIDO2-based password‑less authentication when connecting to a cloud store. FIDO2 offers a seamless authentication method, allowing enterprise employees to access apps and desktops within virtual sessions without the need to enter user name or password. This feature supports both roaming (USB only) and platform authenticators (PIN code, Face recognition, and Fingerprint only). This feature is compatible with Android version 9 and later.

FIDO2 authentication is supported with Chrome custom tabs. If you are interested in using FIDO2 authentication with WebView, register your interest using the Podio form.


This feature is enabled by default.