Per-store microphone access

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session. You can grant access to local client drives and hardware devices like microphones and webcams.

Previously, your setting for microphone access was applied on all configured stores.

Starting with this release, Citrix Workspace app requires the user’s permission to access the microphone. The selected setting for microphone access is applied on a per-store basis.

You can configure the access levels from Settings > Store Settings.


Under the Set permissions for option, select the store from the drop-down menu. Enable Microphone.

Per-store location access

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session.

Previously, your setting for location access was applied on all configured stores.

Starting with 21.3.0 release, Citrix Workspace app requires the user’s permission to access the location. The selected setting for location access is applied on a per-store basis.

Configure the access levels as follows:

  1. Select Settings > Store settings.
  2. Under the Set permissions for option, select a store from the drop-down menu.
  3. Enable Location. Location

VPN functionality

You can access the internal Web, Software-as-a-Service (SaaS) apps, and websites hosted by your company - regardless of your access location. You can access these resources, hosted by your company, without a VPN connection. This feature is available only for customers on cloud stores.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature is shipped. To do so, we use feature flags and a third-party service called LaunchDarkly. You do not need to make any configurations to enable traffic to LaunchDarkly, except when you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly via specific URLs or IP addresses, depending on your policy requirements.

You can enable traffic and communication to LaunchDarkly in the following ways:

Enable traffic to the following URLs


List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see LaunchDarkly public IP list. You can use this list to ensure that your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Status page.

LaunchDarkly system requirements

Ensure that the apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF for the following services:

  • LaunchDarkly service.
  • APNs listener service

How to collect logs

To collect logs, follow these steps.

  1. Tap Settings. Settings
  2. Under Help and Support, tap Send feedback to Citrix (Includes logs). Send feedback
  3. Tap Workspace. Workspace
  4. Under Report an issue, tap Log Options. Log options
  5. Then, tap Level. Level
  6. Select Low, Medium, or Verbose level. (Default level is low for basic activity tracking. Modify the level only if recommended by your help desk). Low to verbose

Auto-launch of ICA file

You can launch your published apps and desktops by clicking the resource. This feature requires StoreFront (on-premises) Version 1912 or later.


  • Auto-launch of ICA file is supported only on Chromebook devices and only for HTTPS store URLs.
  • Don’t select the Remember my choice option when you launch a resource.

Enhanced session launch

Published apps and desktops are launched in separate windows. This enhancement helps you to use and interact with the store enumeration window without having to disconnect or log off from the session.


  • This feature is supported only on Chromebook devices.
  • This feature is not supported on tablets, phones, and Samsung DeX.


  • After changing any user settings, you must relaunch the session for the changes to take effect.
  • Apps and desktop are named ‘Workspace’ in the taskbar - not after the session.
  • Only one session can be used at a time.

Workspace with intelligence

Citrix Workspace app for Android is optimized to take advantage of the upcoming intelligent features when they are released. For more information, see Workspace Intelligence Features - Microapps.

Mobile Workspace Experience

The Mobile Workspace Experience uses the Citrix Workspace app to enroll devices through Citrix Endpoint Management.

The Mobile Workspace Experience provides a great end user experience as follows:

  • Enrollment: You can complete the entire enrollment in the Citrix Workspace app itself without using Citrix Secure Hub. In just a few taps, your device gets enrolled in Android Enterprise through Citrix Endpoint Management.
  • Security: The Mobile Workspace Experience provides mVPN (mobile virtual private network) connectivity for native apps. Citrix Secure Mail and Secure Web both run on the Mobile App Management (MAM) SDK.


After enrollment, you’ll be on Work profile mode, which enables complete separation of personal apps and work apps. Your privacy is maintained as IT only controls the Work profile. So, when you’re working on your BYOD (bring-your-own-device), you have complete privacy.

As an administrator, configure as follows:

Enable Workspace for Citrix Endpoint Management in Citrix Cloud

  1. Sign in to Citrix Cloud.
  2. In the upper-left menu, select Workspace Configuration > Service Integration.
  3. Tap the three dots to the right of Endpoint Management and select Enable to enable integration with Citrix Workspace.


Enable Android for Workspace in Settings

  1. In Citrix Cloud, select Settings > Android for Workspace > and then tap Connect to sign in to Google Play with your corporate Google ID.
  2. Once registration is complete, you can publish the apps under Android for Workspace.

Android for workspace

Enhanced Enrollment profile

Citrix Endpoint Management supports a feature called Enrollment profile. The feature lets administrators configure different enrollment modes, such as EP2, Work profile, and Personal profile. Administrators configure different enrollment modes, based on delivery groups, on a single server. The feature then assigns these modes to users based on their requirements.

To date, the feature let you configure different Android Enterprise and Device Administrator Legacy modes.

Starting with 21.6.0 release, the Enrollment profile supports additional modes for the Workspace mobile experience. We’ve modified Citrix Workspace app to consume this API to determine which modes a user requires.

Enable Enrollment profile

In Citrix Cloud, enable Workspace Integration by turning ON Enrollment through Workspace app for the appropriate delivery group.

Workspace enrollment

Battery status indicator

The battery status of the device is now displayed in the notification area of a Citrix Desktop session.


Battery status indicator is not displayed for server VDA.

Client drive mapping

Citrix Workspace app informs the server of the available client drives. By default, client drives are mapped to server drive letters so they appear to be directly connected to the session. These mappings are available only for the current user during the current session.


This feature is supported only on versions of Android running SDK version 24 and later.

Client drive mapping (CDM) allows plug-and-play storage devices in a session. So, you can use mass storage devices (For example, pen drives), to copy and paste documents between the pen drive and the user device.

Feature limitations:

  • Android APIs are observed to be slow, which delays certain operations.
  • CDM for external storage is not supported on Pixel devices.
  • File type association is not supported on external storage devices.

Known issue in the feature:

  • The Workspace app screen might shift between foreground and background when you plug in an external storage device.

Client Drive Mapping enhancement

Earlier, a selected choice of device storage was applied on all configured stores.

Starting with the release 20.8.0, Citrix Workspace app allows you to select dedicated device storage for every configured store.

You get a prompt to select the type of device storage along with the store details at session launch. You can do one of the following:

  • Select one of the device storage options and click OK - The choice is applied only to the current session. A prompt appears to select the type of device storage at every launch.
  • Select one of the device storage options, select Do not ask again and click OK - The choice is applied for all session launches for that store. No further prompts appear.
  • Select Cancel - You are prompted to select a type of device storage at every launch and within a session as well. The session does not have access to the device storage.


This feature applies only on direct ICA launches and Citrix Gateway configured stores. Stores without end-to-end SSL setup are not supported.

Embedded Citrix HDX RealTime Media Engine

Starting with 20.3.0, the Citrix Workspace app consumes Version 2.9 of the Citrix HDX RealTime Media Engine (RTME).


You do not need to install HDX RTME to use Skype for Business, you only need the Citrix Workspace app. If HDX RTME is already installed on the Chromebook device, you must uninstall it.

To enable HDX RTME from the Citrix Workspace app:

By default, this setting is set to Off.

To enable the HDX RTME from the Citrix Workspace app, go to Settings > Advanced and select Enable RealTime Media Engine.

This feature is supported on:

  • Chromebooks running on x86 processors.
  • Devices running on Android 6.0 or later.


Only Citrix Workspace app is needed to use Skype for Business. You do not need to install HDX RTME. If HDX RTME is already installed on the Chromebook device, you must uninstall it.

For more information, see the HDX RealTime Optimization Pack 2.9 documentation.

Unauthenticated users

Citrix Workspace app supports unauthenticated (anonymous) users. Anonymous users can launch Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) sessions successfully.

USB device redirection

Starting with Version 20.9.0, the USB redirection feature is fully functional and ready for general availability. By default, the USB redirection feature is disabled.

This feature allows the redirection of arbitrary USB devices from client machines to Citrix Virtual Apps and Desktops and Citrix DaaS. It allows you to interact with a wide selection of generic USB devices in a session, as if they were physically plugged into it.

As a prerequisite to manage this feature using the Citrix Global App Config Service, set the USB redirection feature to Enabled on the Delivery Controller. For more information on how to configure USB redirection on the Delivery Controller, see the Generic USB devices section in the Citrix Virtual Apps and Desktops documentation.

The Citrix Global App Configuration Service gives Citrix administrators the ability to deliver Citrix Workspace service URLs and Citrix Workspace app settings through a centrally managed service.

The USB redirection feature is integrated with and configurable through the Citrix Global App Config Service. You can manage the feature using the Citrix Global App Config Service for non-domain joined networks.

For information on configuring the feature using this method, see Global App Configuration Service in the developer’s documentation.


This feature is ready for general availability starting with Version 20.9.0. In Versions 20.8.1 and earlier, it is available on-demand only.

The USB redirection policy must be set to Allowed on the Delivery Controller. For information about configuring USB redirection in Citrix Studio, see Configure generic USB redirection in the Citrix Virtual Apps and Desktops documentation.

For printers and scanners:

Install the vendor-specific drivers on the device. When the installation is complete, the vendor software might ask you to reconnect the USB device. Reconnect the USB device to redirect it.

For Chromebooks:

By default, the Chrome operating system blocks the USB devices (for example, pen drives). Allow the list of devices using the Google admin console for managed Chromebooks.

For information on how to allow the list of USB devices in a Chromebook, see Knowledge Center article CTX200825.


Depending on the redirected USB device and the network latency, it might take some time for the device to be visible in the Windows Explorer.

Configuring USB redirection on mobiles phones, tablets, and Samsung DeX

  1. Add a USB redirection policy-enabled store and launch a session.
  2. Click the session toolbar icon as displayed in the dialog below:

    session toolbar on Mobile phones

  3. Click the USB Icon in the session toolbar.
  4. Connected USB devices are listed in the USB devices window as shown below:

    Toggle screen

  5. To redirect a particular USB device, click the Toggle option against the device.

    A Workspace permission dialog appears.

    Permission screen

  6. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    This step is mandatory to redirect the USB device.

    The USB device is redirected and the status is displayed as shown below:

    USB status

Configuring the USB redirection feature on Chromebooks

  1. Add a USB redirection policy-enabled store and launch a session.
  2. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    Granting permission is a mandatory step and the prompt appears only on a fresh install.

    USB status

  3. Connect the USB device.
  4. Click the toolbar icon and then the USB icon on the session toolbar.

    Toolbar Chrome

    Connected USB devices are listed as shown below:



    If a USB device isn’t listed, ensure that you have whitelisted it.

    For information on how to allow list of USB devices on a Chromebook, see Knowledge Center article CTX200825.

  5. To redirect the USB device, click the Toggle option against the device to be redirected.
  6. Click OK to grant permission for the Citrix Workspace app to redirect the device.


    The USB device is redirected and the status is updated. Dismiss the dialog to continue using the redirected USB device.


  • If a pen drive is redirected, it appears as listed in a session.
  • If a printer or scanner is redirected, it is displayed in the Devices section in the control panel.

Tested USB devices

Device Manufacturer Model
Printer HP LaserJet P2014
Scanner HP Scanjet G3010
Scanner Canon CanoScan LiDE 700F
Space Navigator 3Dconnexion  
Printer Brother QL-580N
Scanner HP Scanjet 200

Known issues:

  • Only one USB device is supported at a time.
  • Audio and video USB devices are not currently supported.

Auto-redirection of USB devices

Citrix Workspace app lets you redirect USB devices automatically when you connect them. When you connect a USB device, a prompt appears, asking you for permission. After you grant the permission, the USB device is redirected automatically.


This feature is available on-demand only and supports only if the USB device redirection feature is enabled.

Citrix Casting

Citrix Casting combines digital and physical environments to deliver apps and data within a secure smart space. The complete system connects devices (or things), like mobile apps and sensors, to create an intelligent and responsive environment.

Citrix Ready workspace hub is built on the Raspberry Pi 3 platform. The device running Citrix Workspace app connects to the Citrix Ready workspace hub and casts the apps or desktops on a larger display.

Using Citrix Casting, you can:

  • Roam your session without launching a VDA session on the mobile devices.
  • View the list of available workspace hubs by tapping View hub list from the Workspace hub dialog.

Configure Citrix Casting

Citrix Casting is enabled when all the following system requirements are met:

  • Citrix Workspace app 1809 for Android or later installed
  • Bluetooth enabled
  • Location enabled
  • Mobile device and workspace hub using the same Wi-Fi network

To turn on the Citrix Casting feature, tap Settings and Citrix Casting on your device.

For more information about the Citrix Ready workspace hub in Citrix Workspace app, see Configure the Citrix Ready workspace hub.

For information about the Citrix Ready workspace hub, see Citrix Ready workspace hub documentation.

Content Collaboration Service integration

Citrix Content Collaboration (formerly ShareFile) enables you to easily and securely exchange documents, send large documents by email, and securely handle document transfers to third parties. There are many ways to work using Citrix Content Collaboration, including:

  • web-based interface
  • mobile clients
  • desktop apps
  • integration with Microsoft Outlook and Gmail

You can access Citrix Content Collaboration using the Files tab in the Citrix Workspace app. You can view the Files tab only if the Content Collaboration Service is enabled in the Citrix Cloud console. For information, see Create or link a Content Collaboration (ShareFile) account to Citrix Cloud.


Citrix Content Collaboration integration isn’t supported on Windows Server 2012 and 2016 due to a security option set in the operating system.

Feature limitations:

  • Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log off.
  • Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log off.

The following image displays example contents of the Files tab of the Citrix Workspace app:


Keyboard layout synchronization

Citrix Workspace app offers separate options to enable the client IME and keyboard layout synchronization under Settings.

The Enable client IME option allows you to type the double-byte characters (such as Chinese, Japanese, and Korean characters) directly at the insertion point in a session.

The Sync Keyboard option allows automatic keyboard layout synchronization between the VDA and the client device.

On a fresh install and by default, the Enable client IME option is set to On for Japanese, Chinese, and Korean languages and the Sync Keyboard option is set to Off.

To enable dynamic keyboard layout synchronization, set both the Enable client IME and Sync Keyboard options to On.


  • The VDA must be version 7.16 or later.
  • Administrators must enable the enhanced support for Asian languages feature on the VDA. By default, the feature is enabled. However, on the Windows Server 2016 VDA, you must add a new key called DisableKeyboardSync and set the value to 0 in HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA\IcaIme to enable the feature.
  • Administrators must enable the unicode keyboard layout-mapping feature on the VDA. By default, the feature is disabled. To enable it, create the CtxKlMap key under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix and set the DWORD value EnableKlMap = 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxKlMap.

Feature Limitations:

  • This feature works only on soft keyboards on the devices, not on external keyboards.
  • Certain mobile devices might not fully support keyboard layout synchronization, such as the Nexus 5x
  • The keyboard layout can only be synced from the client to the server. When changing the server-side keyboard layout, the client keyboard layout cannot be changed.
  • When you change the client keyboard layout to a non-compatible layout, the layout might be synced on the VDA side, but functionality cannot be confirmed.
  • Remote applications that run with elevated privileges (for example, applications you run as an administrator) can’t be synchronized with the client keyboard layout. To work around this issue, manually change the keyboard layout on the VDA or disable UAC.

USB smart card

Citrix Workspace app supports USB smart card readers with StoreFront. You can use USB smart cards for the following purposes when enabled:

  • Smart card logon - Authenticates users to Citrix Workspace app.
  • Smart card application support - Enables smart card-aware published applications to access local smart card devices.

Citrix Workspace app supports this feature on all Android devices listed by Biometric Associates.

Citrix Workspace app supports the following types of USB smart cards:

  • Personal Identity Verification (PIV) cards
  • Common Access Cards (CAC) cards

USB smart card is supported on Android operating system from version 7.x through 11.x.

You can also enable USB smart card authentication from Settings > Manage Accounts.

Configuring USB smart card


  • Download and install the Android PC/SC-Lite service from the Google Play Store.
  1. Connect the USB smart card reader to the mobile device. For information about connecting smart card readers, refer to the smart card reader specifications provided by the manufacturer.
  2. Add a smart card enabled StoreFront account.
  3. On the Citrix Workspace app logon page, tap Add Account. Tap the Use Smartcard option.
  4. To edit an existing account to use the USB smart card authentication, tap Accounts > Edit and tap the Use Smartcard option.

File type association

As a prerequisite for this feature to work, go to the Citrix Workspace app settings and set the Use device storage option to Full Access. An additional option, Ask every time is also available so that you are prompted for permission before accessing your device storage in a session.


Ask every time option is a per-session setting. It does not carry forward to the next session.

When you select Ask every time, any system-generated access to your device storage might cause the Use device storage prompt to appear (for example, at logoff), which is an expected behavior.

Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio. To apply FTA in a session, ensure that users connect to the Store server where the FTA is configured.

On the user device, select the file you want to launch File Explorer and click Open. The Android operating system provides an option to launch the file using Citrix Workspace app (applying the FTA configured by the administrator) or a different application. Depending on your earlier selection, a default application might or might not be set. You can change the default application using the Change default option.


This feature is available only on StoreFront and requires Citrix Virtual Apps and Desktops Version 7 or later.

File type association (FTA) with Google Drive

When using a Chromebook, you can access files residing on Google Drive from Citrix Workspace app using the file type association (FTA) feature. You can seamlessly use Android applications available on Chromebooks to access these files. For example, if you save a .doc file to Google Drive, you can open the file using an Android application (in this case, Microsoft Word) on the Chromebook from within Citrix Workspace app.


Only Chromebook devices support FTA with Google Drive.

Enabling access to files on Google Drive:

  1. Download the Citrix File Access component (FileAccess.exe) from the Citrix Workspace app for Chrome download page and install it on the VDA.
  2. Using Citrix Studio, configure the appropriate file type associations (FTAs) for published applications. FTAs can be configured from the respective application properties or settings. For more information about how to set FTA, see Knowledge Center article CTX218743.
  3. In a Citrix Virtual Apps and Desktops session, open the default browser, and then add the following URL to the trusted sites: and
  4. On the Chromebook device, select the file you want to launch. Tap Open and select Citrix Workspace app from the list.

Known issues and limitations in the feature

  1. Smart card authentication might be slower than password authentication. For example, after disconnecting from a session, wait for approximately 30 seconds before attempting to reconnect. Reconnecting to a disconnected session too quickly might cause Citrix Workspace app to turn unresponsive.
  2. Smart card authentication is not supported on farms.
  3. Some users might have a global PIN number for smart cards. However, when users sign in using a smart card account, they must enter the PIV PIN and not the global smart card PIN, which is a third-party limitation.
  4. Citrix recommends that you exit and restart the Citrix Workspace app session after you log off from the smart card account.
  5. Multiple USB smart cards are not supported.
  6. You can access only MIME file formats supported by Microsoft Office, Adobe Acrobat reader and Notepad applications using the file type association feature.

Customer Experience Improvement Program (CEIP)

Data collected Description What we use it for
Configuration and usage data The Citrix Customer Experience Improvement Program (CEIP) gathers configuration and usage data from Citrix Workspace app and automatically sends the data to Google Analytics for Firebase. This data helps Citrix improve the quality, reliability, and performance of Citrix Workspace app.

Additional Information

Citrix will handle your data in accordance with the terms of your contract with Citrix. Your data is protected as specified in the Citrix Services Security Exhibit. This exhibit is available on the Citrix Trust Center.

You can disable sending CEIP data to Citrix and Google Analytics for Firebase (except for the two data elements collected for Google Analytics for Firebase indicated by an * in the following table) by:

  1. Launch the Citrix Workspace app and select Settings.
  2. Select Advanced Preferences.

    The Advanced Preferences dialog appears.

  3. Clear the option Send Usage statistics.


  • No data is collected for the users in European Union (EU), European Economic Area (EEA), Switzerland, and United Kingdom (UK).

The specific CEIP data elements collected by Google Analytics for Firebase are:

Operating system version* Workspace app version* Authentication configuration Device information
Session launch method Citrix store type Client drive-mapping configuration  
Session information Recieverconfig.txt usage USB redirection configuration HDX RTME user info
HTTP and HTTPS connection configuration ICA connections protocol info Workspace app review action Disable Firebase Configuration
Number of stores added Screen capture action RSA feature user actions StoreFront Vs Workspace app user count
App update action Operating system update Screen view action App remove
Web view connections App clear data App execution App session start

Security settings

Citrix recommends using stores that are secure. Besides, it is a good practice to have HTTP strict transport security (HSTS) setting enabled for secure stores.

Perform the following steps to enable the HSTS setting:

  1. In Citrix StoreFront, under Stores, click the link of the particular store to enable the security settings.
  2. The Manage Receiver for Web Sites dialog box appears.
  3. Click Configure.
  4. The Edit Receiver for Web site dialog box appears.
  5. Click the Advanced Settings tab and select Enable strict transport security.

Security settings

User experience

Option to disable display of error messages

You can now disable the display of the following error message related to network monitoring:

“Connection might be temporarily slow.”

To disable the error message relating to network issues in a session, go to Advanced and select the Disable network monitoroting messages option.

User interface enhancement

  • Starting with 20.7.0 release, you can remove the store account details from the Edit option. Click Remove account to remove the account details.

  • Starting with 20.7.5 release, the Recent tab displays the native mobile apps along with the published apps and desktops.

  • Starting with 20.10.0 release, Citrix Workspace app supports Google Play’s current target API requirements for Android 10.

  • Starting with 20.10.0 release, you receive a notification about a non-secure connection when you try to add an HTTP store.

  • Starting with 21.3.5 release, you can navigate back and forth within web and Software-as-a-Service (SaaS) apps, as well as from the microapp view.

    The navigation buttons appear at the bottom left of your workspace web and SaaS app session of your mobile phone.


    The navigation buttons appear at the top left of your SaaS app session of your tablet.

  • Starting with 21.4.0 release, you can search for words or phrases within your web and Software-as-a-Service (SaaS) apps.

    To search, follow these steps.

    1. Tap the ellipsis button on the bottom right and select Find in page. Search

    2. The keyboard appears. keyboard

    3. On typing, your search result appears (for example, the word “imagine”). result

  • Starting with 21.6.0 release, you can download text, audio, and video files (with and without direct links). For text, audio, and video files with direct links, download directly by tapping the link. You can preview the audio and video files before downloading them.

    To download files without direct links, tap the ellipsis button on the bottom right and select Download.


    After the download completes, a notification indicates that the file is saved in your downloads folder.


  • Starting with 21.8.5 release, we now support Android 12 Beta 4 in Citrix Workspace app for Android. Upgrading to Citrix Workspace app version 21.8.5 ensures uninterrupted support for devices that are updated to Android 12 Beta 4.

  • Starting with 21.9.0 release, Citrix Workspace app supports Android 12 Beta 4. If you are on HTTP-based stores, for a secure context, we recommend that you transition to HTTPS-based stores. For more information, see HTTPS.

  • Starting with 22.2.0 release, you can access a list of recently launched apps for quick access when you use the long-press gesture on the Citrix Workspace app icon.


Enhanced feedback mechanism

Previously, you could provide feedback to Citrix using Citrix Workspace app only through email.

Starting with 20.12.0 release, you can send us feedback about Workspace and report issues using the same interface. To send feedback:

Click Settings > Send feedback to Citrix.

The Report an issue dialog appears.

Report an issue

Using the Report an issue dialog, you can:

  • Request help from Support
  • Report an issue
  • Send issue logs


This feature is an important change to the secure communication protocol. Cipher suites with the prefix TLS_RSA_ doesn’t offer forward secrecy and are considered weak.

The TLS_RSA_ cipher suites have been removed. The releases 20.6.5 and later supports advanced TLS_ECDHE_RSA_ cipher suites. If your environment isn’t configured with the TLS_ECDHE_RSA_ cipher suites, you cannot launch the client because of weak ciphers.

The following advanced cipher suites are supported:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

TLS v1.0 supports the following cipher suites:


TLS v1.2 supports the following cipher suites:


Support for Android Enterprise

Starting with 20.12.0 release, Citrix Workspace app supports Android Enterprise.

For more information, see the Android Enterprise in the Citrix Endpoint Management documentation.

Enlightened Data Transport (EDT)

In earlier releases, session launches were unsuccessful when Enlightened Data Transport (EDT) connections can’t be established between Citrix Gateway and the VDA. Starting with 21.5.0 release, unsuccessful EDT connections fall back to TCP.

EDT stack parameters enabled by default

Starting with 21.7.0 release, the EDT stack parameters are enabled by default. As a result, we’ve removed the EDT Stack Parameters option from Settings > Advanced.

To date, the option to disable EDT stack parameters was available to users. With this option available, not all clients were following custom EDT Maximum Segment Size (MSS) requirements consistently. As a result, fragmentation occurred with degradation in HDX performance and issues in establishing sessions for these clients. With EDT stack parameters newly enabled by default, the overall user experience and satisfaction is now enhanced.

Parallel connection

Starting with 21.7.0 release, we’ve are introducing the EDT and TCP parallel connection feature. The feature results in decreased connection times.

Earlier, when establishing a connection, the Workspace app would try to connect using EDT. Unsuccessful EDT connection attempts would fall back to TCP.

This caused the following issues that are now addressed:

  • Increased connection time in fallback scenarios.
  • Session reliability and Auto client reconnect tended to favor TCP.
  • Required a connection break to try TCP again.

MTU Discovery capabilities added to EDT

We’ve added Maximum Transmission Unit Discovery capabilities to Enlightened Data Transport (EDT). As a result, you can now enjoy a consistently stable HDX experience, delivered by EDT.

Earlier, EDT could fail in several scenarios such as VPN, Wi-Fi, 4G or 3G connections, and on Microsoft Azure, caused by packet loss because of packet size.

When you tried to launch a session, packet fragmentation could cause sessions to drop. As a workaround, it was necessary to adjust the EDT MSS (Maximum Segment Size) in the StoreFront file, which meant extra configuration. The addition of MTU Discovery capabilities added to EDT resolves and addresses these issues.

MTU Discovery capabilities added to EDT work in sessions hosted on 1912 VDA and later.

Service continuity Feature preview


  • This feature is in public technical preview.

Service continuity removes or minimizes the dependency on the availability of components that are involved in the connection process. Users can launch their virtual apps and desktops regardless of the health status of the cloud services. For more information, see Service continuity section in the Citrix Workspace documentation.

Migration from on-premises to cloud account

Administrators can seamlessly migrate the end users from an on-premises StoreFront store URL to a Workspace URL. Administrators can do the migration with minimum end user interaction using the Global App Configuration Service.

To configure:

  1. Navigate to the Global App Configuration Store Settings API URL and enter the cloud Store URL. For example,<hash coded store URL>/product/workspace/os/ios.
  2. Navigate to API Exploration > SettingsController > postDiscoveryApiUsingPOST > click POST.
  3. Click INVOKE API.
  4. Enter and upload the payload details. Enter the StoreFront store expiry date in the epoch timestamp in milliseconds format.

    For example,

    "migrationUrl": [
    "url": "<cloud store url>"
    "storeFrontValidUntil": "<epoch timestamp in milliseconds>",
    ]   ,
  5. Click EXECUTE to push the service.

End user Experience

As an end user, if you’re using the Citrix Workspace app for the first time, after successful authentication, the Introducing the new Citrix Workspace migration screen appears (if eligible). After you tap the Try new Citrix Workspace now option, migration begins. Upon successful migration, you can access the Workspace store (cloud store).


You can skip the migration for three times. Later, the migration is forced without an option to skip.

New workspace

After you migrate to the Workspace (cloud) store, you can view both the StoreFront and the Workspace store under Settings. When you switch from a cloud store to the on-premises StoreFront store, a feedback screen appears to gather your response.


The StoreFront store has an expiry date. Post the expiry date, the store gets deleted.

Google Assistant integration

You can interact with the Google Assistant to launch resources like apps and desktops without launching Citrix Workspace app each time. All the recently accessed resources are listed under Google Assistant shortcuts. Select the ones you prefer to add as a shortcut.

To configure:

  1. Launch Citrix Workspace app and open a resource you want to add as the shortcut.
  2. Open Google Assistant settings from your device.


    Accessing Google Assistant settings can vary depending upon the Android version and the Android device you use.

    As a tip, use the voice command to open the Google Assistant settings.

  3. Scroll and tap Shortcuts.
  4. Tap Citrix Workspace app and select the resource you want to add as a shortcut. You can now use voice commands to launch the resource.


  5. (Optional) You can edit and update the voice command.

    edit shortcut

Use the latest version

This feature helps you to use the latest version of Citrix Workspace app. When you launch the Citrix Workspace app, the in-app prompt asks you to update to the latest version.

Update prompt

When you tap Update, the update happens in the background, and you can continue using the app. You can view the progress on the Snackbar. After the download is complete the following dialog box appears:

Download complete

Tap Relaunch now to use the latest version. If you tap Do it later, the prompt to restart the app appears in the next app launch.