Per-store microphone access

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session. You can grant access to local client drives and hardware devices like microphones and webcams.

Previously, your setting for microphone access was applied on all configured stores.

Starting with this release, Citrix Workspace app requires the user’s permission to access the microphone. The selected setting for microphone access is applied on a per-store basis.

You can configure the access levels from Settings > Store Settings.


Under the Set permissions for option, select the store from the drop-down menu. Enable Microphone.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature is shipped. To do so, we use feature flags and a third-party service called LaunchDarkly. You do not need to make any configurations to enable traffic to LaunchDarkly, except when you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly via specific URLs or IP addresses, depending on your policy requirements.

You can enable traffic and communication to LaunchDarkly in the following ways:

Enable traffic to the following URLs


List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see LaunchDarkly public IP list. You can use this list to ensure that your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Statuspage page.

LaunchDarkly system requirements

Ensure that the apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF for the following services:

  • LaunchDarkly service.
  • APNs listener service

How to collect logs

To collect logs, follow these steps.

  1. Tap Settings. Settings
  2. Under Help and Support, tap Send feedback to Citrix (Includes logs). Send feedback
  3. Tap Workspace. Workspace
  4. Under Report an issue, tap Log Options. Log options
  5. Then, tap Level. Level
  6. Select Low, Medium, or Verbose level. (Default level is low for basic activity tracking. Modify the level only if recommended by your help desk). Low to verbose

Auto-launch of ICA file

You can launch your published apps and desktops by clicking the resource. This feature requires StoreFront (on-premises) Version 1912 or later.


  • Auto-launch of ICA file is supported only on Chromebook devices and only for HTTPS store URLs.
  • Don’t select the Remember my choice option when you launch a resource.

Enhanced session launch

Published apps and desktops are launched in separate windows. This helps you to use and interact with the store enumeration window without having to disconnect or log off from the session.


  • This feature is supported only on Chromebook devices.
  • This feature is not supported on tablets, phones, and Samsung DeX.


  • After changing any user settings, you must relaunch the session for the changes to take effect.
  • Apps and desktop are named ‘Workspace’ in the taskbar - not after the session.
  • Only one session can be used at a time.

Workspace with intelligence

Citrix Workspace app for Android is optimized to take advantage of the upcoming intelligent features when they are released. For more information, see Workspace Intelligence Features - Microapps.

Mobile Workspace Experience

As an administrator, configure as follows:

Enable Workspace for Citrix Endpoint Management in Citrix Cloud

  1. Sign in to Citrix Cloud.
  2. In the upper-left menu, select Workspace Configuration > Service Integration.
  3. Tap the three dots to the right of Endpoint Management and select Enable to enable integration with Citrix Workspace.


Enable Android for Workspace in Settings

  1. In Citrix Cloud, select Settings > Android for Workspace > and then tap Connect to sign in to Google Play with your corporate Google ID.
  2. Once registration is complete, you can publish the apps under Android for Workspace.

Android for workspace

Enable Enrollment profile

In Citrix Cloud, enable Workspace Integration by turning ON Enrollment through Workspace app for the appropriate delivery group.

Workspace enrollment

Battery status indicator

The battery status of the device is now displayed in the notification area of a Citrix Desktop session.


Battery status indicator is not displayed for server VDA.

Client drive-mapping

Citrix Workspace app informs the server of the available client drives. By default, client drives are mapped to server drive letters so they appear to be directly connected to the session. These mappings are available only for the current user during the current session.


This feature is supported only on versions of Android running SDK version 24 and later.

Client drive mapping (CDM) allows plug-and-play storage devices in a session. This means that you can use mass storage devices (For example, pen drives), to copy and paste documents between the pen drive and the user device.


  • Android APIs are observed to be slow, which delays certain operations.
  • CDM for external storage is not supported on Pixel devices.
  • File type association is not supported on external storage devices.

Known issue:

  • The Workspace app screen might shift between foreground and background when you plug in an external storage device.

Embedded Citrix HDX RealTime Media Engine

Starting with 20.3.0, the Citrix Workspace app consumes Version 2.9 of the Citrix HDX RealTime Media Engine (RTME).


You do not need to install HDX RTME to use Skype for Business, you only need the Citrix Workspace app. If HDX RTME is already installed on the Chromebook device, you must uninstall it.

To enable HDX RTME from the Citrix Workspace app:

By default, this setting is set to Off.

To enable the HDX RTME from the Citrix Workspace app, go to Settings > Advanced and select Enable RealTime Media Engine.

This feature is supported on:

  • Chromebooks running on x86 processors.
  • Devices running on Android 6.0 or later.


Only Citrix Workspace app is needed to use Skype for Business. You do not need to install HDX RTME. If HDX RTME is already installed on the Chromebook device, you must uninstall it.

For more information, see the HDX RealTime Optimization Pack 2.9 documentation.

Unauthenticated users

Citrix Workspace app supports unauthenticated (anonymous) users. Anonymous users can launch Citrix Virtual Apps and Desktops sessions successfully.

USB device redirection

Starting with Version 20.9.0, the USB redirection feature is fully functional and ready for general availability. By default, the USB redirection feature is disabled.

The generic USB redirection feature allows the redirection of arbitrary USB devices from client machines to Citrix Virtual Apps and Desktops. This feature allows you to interact with a wide selection of generic USB devices in a session as if they were physically plugged into it.

As a prerequisite to manage this feature using the Citrix Global App Config Service, set the USB redirection feature to Enabled on the Delivery Controller. For more information on how to configure USB redirection on the Delivery Controller, see the Generic USB devices section in the Citrix Virtual Apps and Desktops documentation.

The Citrix Global App Configuration Service gives Citrix administrators the ability to deliver Citrix Workspace service URLs and Citrix Workspace app settings through a centrally managed service.

The USB redirection feature is integrated with and configurable through the Citrix Global App Config Service. You can manage the feature using the Citrix Global App Config Service for non-domain joined networks.

For information on configuring the feature using this method, see Global App Configuration Service in the developer’s documentation.


This feature is ready for general availability starting with Version 20.9.0. In Versions 20.8.1 and earlier, it is available on-demand only.

The USB redirection policy must be set to Allowed on the Delivery Controller. For information about configuring USB redirection in Citrix Studio, see Configure generic USB redirection in the Citrix Virtual Apps and Desktops documentation.

For printers and scanners:

Install the vendor-specific drivers on the device. When the installation is complete, the vendor software might ask you to reconnect the USB device. Reconnect the USB device to redirect it.

For Chromebooks:

By default, USB devices (for example, pen drives) are blocked by the Chrome operating system. You must allow the list of devices using the Google admin console for managed Chromebooks.

For information on how to allow list of USB devices in a Chromebook, see Knowledge Center article CTX200825.


Depending on the redirected USB device and the network latency, it might take some time for the device to be visible in the Windows Explorer.

Configuring USB redirection on mobiles phones, tablets, and Samsung DeX

  1. Add a USB redirection policy-enabled store and launch a session.
  2. Click the session toolbar icon as displayed in the dialog below:

    session toolbar on Mobile phones

  3. Click the USB Icon in the session toolbar.
  4. Connected USB devices are listed in the USB devices window as shown below:

    Toggle screen

  5. To redirect a particular USB device, click the Toggle option against the device.

    A Workspace permission dialog appears.

    Permission screen

  6. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    This step is mandatory to redirect the USB device.

    The USB device is redirected and the status is displayed as shown below:

    USB status

Configuring the USB redirection feature on Chromebooks

  1. Add a USB redirection policy-enabled store and launch a session.
  2. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    Granting permission is a mandatory step and the prompt appears only on a fresh install.

    USB status

  3. Connect the USB device.
  4. Click the toolbar icon and then the USB icon on the session toolbar.

    Toolbar Chrome

    Connected USB devices are listed as shown below:



    If a USB device isn’t listed, ensure that you have whitelisted it.

    For information on how to allow list of USB devices on a Chromebook, see Knowledge Center article CTX200825.

  5. To redirect the USB device, click the Toggle option against the device to be redirected.
  6. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    The USB device is redirected and the status is updated. Dismiss the dialog to continue using the redirected USB device.


  • If a pen drive is redirected, it appears as listed in a session.
  • If a printer or scanner is redirected, it is displayed in the Devices section in the control panel.

Tested USB devices

Device Manufacturer Model
Printer HP LaserJet P2014
Scanner HP Scanjet G3010
Scanner Canon CanoScan LiDE 700F
Space Navigator 3Dconnexion  
Printer Brother QL-580N
Scanner HP Scanjet 200

Known issues:

  • Only one USB device is supported at a time.
  • Audio and video USB devices are not currently supported.

Citrix Casting

Citrix Casting combines digital and physical environments to deliver apps and data within a secure smart space. The complete system connects devices (or things), like mobile apps and sensors, to create an intelligent and responsive environment.

Citrix Ready workspace hub is built on the Raspberry Pi 3 platform. The device running Citrix Workspace app connects to the Citrix Ready workspace hub and casts the apps or desktops on a larger display.

Using Citrix Casting, you can:

  • Roam your session without launching a VDA session on the mobile devices.
  • View the list of available workspace hubs by tapping View hub list from the Workspace hub dialog.

Configure Citrix Casting

Citrix Casting is enabled when all the following system requirements are met:

  • Citrix Workspace app 1809 for Android or later installed
  • Bluetooth enabled
  • Location enabled
  • Mobile device and workspace hub using the same Wi-Fi network

To turn on the Citrix Casting feature, tap Settings and Citrix Casting on your device.

For more information about the Citrix Ready workspace hub in Citrix Workspace app, see Configure the Citrix Ready workspace hub.

For information about the Citrix Ready workspace hub, see Citrix Ready workspace hub documentation.

Content Collaboration Service integration

Citrix Content Collaboration (formerly ShareFile) enables you to easily and securely exchange documents, send large documents by email, and securely handle document transfers to third parties. There are many ways to work using Citrix Content Collaboration, including a web-based interface, mobile clients, desktop apps, and integration with Microsoft Outlook and Gmail.

You can access Citrix Content Collaboration using the Files tab in the Citrix Workspace app. You can view the Files tab only if the Content Collaboration Service is enabled in the Citrix Cloud console. For information, see Create or link a Content Collaboration (ShareFile) account to Citrix Cloud.


Citrix Content Collaboration integration is not supported on Windows Server 2012 and Windows Server 2016 due to a security option set in the operating system.


  • Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log off.
  • Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log off.

The following image displays example contents of the Files tab of the Citrix Workspace app:


Keyboard layout synchronization

Citrix Workspace app offers separate options to enable the client IME and keyboard layout synchronization under Settings.

The Enable client IME option allows you to type the double-byte characters (such as Chinese, Japanese, and Korean characters) directly at the insertion point in a session.

The Sync Keyboard option allows automatic keyboard layout synchronization between the VDA and the client device.

On a fresh install and by default, the Enable client IME option is set to On for Japanese, Chinese, and Korean languages and the Sync Keyboard option is set to Off.

To enable dynamic keyboard layout synchronization, set both the Enable client IME and Sync Keyboard options to On.


  • The VDA must be version 7.16 or later.
  • Administrators must enable the enhanced support for Asian languages feature on the VDA. By default, the feature is enabled. However, on Windows Server 2016 VDA, you must add a new key called DisableKeyboardSync and set the value to 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA\IcaIme to enable the feature.
  • Administrators must enable the unicode keyboard layout-mapping feature on the VDA. By default, the feature is disabled. To enable it, create the CtxKlMap key under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix and set DWORD value EnableKlMap = 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxKlMap.


  • This feature works only on soft keyboards on the devices, not on external keyboards.
  • Certain mobile devices might not fully support keyboard layout synchronization, such as the Nexus 5x
  • The keyboard layout can only be synced from the client to the server. When changing the server-side keyboard layout, the client keyboard layout cannot be changed.
  • When you change the client keyboard layout to a non-compatible layout, the layout might be synced on the VDA side, but functionality cannot be confirmed.
  • Remote applications that run with elevated privileges (for example, applications you run as an administrator) can’t be synchronized with the client keyboard layout. To work around this issue, manually change the keyboard layout on the VDA or disable UAC.

USB smart card

Citrix Workspace app provides support for USB smart card readers with StoreFront. You can use USB smart cards for the following purposes when enabled:

  • Smart card logon - Authenticates users to Citrix Workspace app.
  • Smart card application support - Enables smart card-aware published applications to access local smart card devices.

Citrix Workspace app supports this feature on all Android devices listed by Biometric Associates.

Citrix Workspace app supports the following types of USB smart cards:

  • Personal Identity Verification (PIV) cards
  • Common Access Cards (CAC) cards

USB smart card is supported on Android operating system 6.0(Marshmallow) to Version 7.12(Nougat). Android operating system Version 8.0(Oreo) and 9.0(Pie) are not supported. This is a third-party limitation.

You can also enable USB smart card authentication from Settings > Manage Accounts.

Configuring USB smart card


  • Download and install the Android PC/SC-Lite service from the Google Play Store.
  1. Connect the USB smart card reader to the mobile device. For information about connecting smart card readers, refer to the smart card reader specifications provided by the manufacturer.
  2. Add a smart card enabled StoreFront account.
  3. On the Citrix Workspace app logon page, tap Add Account. Tap the Use Smartcard option.
  4. To edit an existing account to use the USB smart card authentication, tap Accounts > Edit and tap the Use Smartcard option.

File type association

As a prerequisite for this feature to work, go to the Citrix Workspace app settings and set the Use device storage option to Full Access. An additional option, Ask every time is also available so that you are prompted for permission before accessing your device storage in a session.


Ask every time option is a per-session setting. It does not carry forward to the next session.

When you select Ask every time, any system-generated access to your device storage might cause the Use device storage prompt to appear (for example, at logoff). This is expected behavior.

Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio. To apply FTA in a session, ensure that users connect to the Store server where the FTA is configured.

On the user device, select the file you want to launch File Explorer and click Open. The Android operating system provides an option to launch the file using Citrix Workspace app (applying the FTA configured by the administrator) or a different application. Depending on your earlier selection, a default application might or might not be set. You can change the default application using the Change default option.


This feature is available only on StoreFront and requires Citrix Virtual Apps and Desktops Version 7 or later.

File type association (FTA) with Google Drive

When using a Chromebook, you can access files residing on Google Drive from Citrix Workspace app using the file type association (FTA) feature. You can seamlessly use Android applications available on Chromebooks to access these files. For example, if you save a .doc file to Google Drive, you can open the file using an Android application (in this case, Microsoft Word) on the Chromebook from within Citrix Workspace app.


Only Chromebook devices support FTA with Google Drive.

Enabling access to files on Google Drive:

  1. Download the Citrix File Access component (FileAccess.exe) from the Citrix Workspace app for Chrome download page and install it on the VDA.
  2. Using Citrix Studio, configure the appropriate file type associations (FTAs) for published applications. FTAs can be configured from the respective application properties or settings. For more information about how to set FTA, see Knowledge Center article CTX218743.
  3. In a Citrix Virtual Apps and Desktops session, open the default browser, add the following URL to the trusted sites: and
  4. On the Chromebook device, select the file you want to launch. Tap Open and select Citrix Workspace app from the list.

Known issues and limitations

  1. Smart card authentication might be slower than password authentication. For example, after disconnecting from a session, wait for approximately 30 seconds before attempting to reconnect. Reconnecting to a disconnected session too quickly might cause Citrix Workspace app to turn unresponsive.
  2. Smart card authentication is not supported on farms.
  3. Some users might have a global PIN number for smart cards; however, when users log on using a smart card account, they must enter the PIV PIN and not the global smart card PIN. This is a third-party limitation.
  4. Citrix recommends that you exit and restart the Citrix Workspace app session after you log off from the smart card account.
  5. Multiple USB smart cards are not supported.
  6. You can access only MIME file formats supported by Microsoft Office, Adobe Acrobat reader and Notepad applications using the file type association feature.

Customer Experience Improvement Program (CEIP)

Data collected Description What we use it for
Configuration and usage data The Citrix Customer Experience Improvement Program (CEIP) gathers configuration and usage data from Citrix Workspace app and automatically sends the data to Google Analytics for Firebase. This data helps Citrix improve the quality, reliability, and performance of Citrix Workspace app.

Additional Information

Citrix will handle your data in accordance with the terms of your contract with Citrix, and protect it as specified in the Citrix Services Security Exhibit available on the Citrix Trust Center.

You can disable sending CEIP data to Citrix and Google Analytics for Firebase (except for the two data elements collected for Google Analytics for Firebase indicated by an * in the following table) by:

  1. Launch the Citrix Workspace app and select Settings.
  2. Select Advanced Preferences.

    The Advanced Preferences dialog appears.

  3. Clear the option Send Usage statistics.

The specific CEIP data elements collected by Google Analytics for Firebase are:

Operating system version* Workspace app version* Authentication configuration Device information
Session launch method Citrix store type Client drive-mapping configuration  
Session information Recieverconfig.txt usage USB redirection configuration HDX RTME user info
HTTP and HTTPS connection configuration ICA connections protocol info Workspace app review action Disable Firebase Configuration
Number of stores added Screen capture action RSA feature user actions StoreFront Vs Workspace app user count
App update action Operating system update Screen view action App remove
Web view connections App clear data App execution App session start

Security settings

Citrix recommends using stores that are secure. Besides, it is a good practice to have HTTP strict transport security (HSTS) setting enabled for secure stores.

Perform the following steps to enable the HSTS setting:

  1. In Citrix StoreFront, under Stores, click on the link of the particular store to enable the security settings.
  2. The Manage Receiver for Web Sites dialog box appears.
  3. Click Configure.
  4. The Edit Receiver for Web site dialog box appears.
  5. Click the Advanced Settings tab and select Enable strict transport security.

Security settings