Configure

Microphone access for every store

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session. You can grant access to local client drives and hardware devices like microphones and webcams.

Previously, your setting for microphone access was applied on all configured stores.

Now, Citrix Workspace app requires the end user’s permission for every store to access the microphone. Provide the permission to access the microphone as follows:

  1. Long press on the Citrix Workspace app icon and tap the App info The app info icon icon.

    CWA App info

  2. Tap Permissions.

    App info

  3. Tap Microphone.

    App permissions

  4. Select Allow only while using this app.

    Microphone permission

    Now, you can access the microphone while using Citrix Workspace app.

Configure the access levels as follows:

  1. Open the Citrix Workspace app and select Settings > Store settings.

  2. Under the Set permissions for option, select a store from the drop-down menu.

    Microphone

  3. Enable Microphone.

    Now, the microphone is enabled and you can use it while using Citrix Workspace app in your Android device.

Location access for every store

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session.

Previously, your setting for location access was applied on all configured stores.

Starting with the version 21.3.0, Citrix Workspace app requires the end user’s permission for every store to access the location. Provide the permission to access the location as follows:

  1. Long press on the Citrix Workspace app icon and tap the App info The app info icon icon.

    CWA App info

  2. Tap Permissions.

    App info

  3. Tap Location.

    App permissions

  4. Select Allow only while using this app.

    Permission

    Now, you can access the location while using Citrix Workspace app.

Configure the access levels as follows:

  1. Open the Citrix Workspace app and select Settings > Store settings.

  2. Under the Set permissions for option, select a store from the drop-down menu.

    Permission

  3. Enable Location.

    Now, location is enabled and you can use it while using Citrix Workspace app in your Android device.

Camera access for every store

The client-selective trust feature allows Citrix Workspace app to trust access from a VDA session. You can grant access to local client drives and hardware devices like microphones and webcams.

Previously, your setting for camera access was applied on all configured stores.

Now, Citrix Workspace app requires the end user’s permission for every store to access the camera phone. Provide the permission to access the camera as follows:

  1. Long press on the Citrix Workspace app icon and tap the App info The app info icon icon.

    CWA App info

  2. Tap Permissions.

    App info

  3. Tap Camera.

    App permissions

  4. Select Allow only while using this app.

    Camera permission

    Now, you can access the camera while using Citrix Workspace app.

Configure the access levels as follows:

  1. Open the Citrix Workspace app and select Settings > Store settings.

  2. Under the Set permissions for option, select a store from the drop-down menu.

    Camera

  3. Enable Camera.

    Now, the camera is enabled and you can use it while using Citrix Workspace app in your Android device.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an affected feature dynamically in Citrix Workspace app even after the feature is shipped. To do so, we use feature flags and a third-party service called LaunchDarkly.

You do not need to make any configurations to enable traffic to LaunchDarkly, except when you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to LaunchDarkly through specific URLs or IP addresses, depending on your policy requirements.

You can enable traffic and communication to LaunchDarkly in the following ways:

Enable traffic to the following URLs

  • events.launchdarkly.com
  • stream.launchdarkly.com
  • clientstream.launchdarkly.com
  • Firehose.launchdarkly.com
  • mobile.launchdarkly.com
  • app.launchdarkly.com

List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see LaunchDarkly public IP list. You can use this list to verify if your firewall configurations are updated automatically in keeping with the infrastructure updates. For details about the status of the infrastructure changes, see the LaunchDarkly Status page.

LaunchDarkly system requirements

Verify if the apps can communicate with the following services if you have split tunneling on Citrix ADC set to OFF for the following services:

  • LaunchDarkly service.
  • APNs listener service

Provision to disable LaunchDarkly service

You can disable LaunchDarkly service on both on-premises and cloud stores.

On the cloud setup, administrators can disable the LaunchDarkly service. Administrator can set the enableLaunchDarkly attribute to False in the Global App Configuration service.

    {
        "assignedTo": [
         "AllUsersNoAuthentication"
        ],
        "category": "Third Party Services",
        "settings": [
           {
            "name": "Enable Launch Darkly",
            "value": "true"
           }
        ],
        "userOverride": false
    }

<!--NeedCopy-->

For more information, see the Global App Configuration service documentation.

On the on-premises deployment, do the following:

  1. Use a text editor to open the web.config file, which is typically at C:\inetpub\wwwroot\Citrix\Roaming directory.
  2. Locate the user account element in the file (Store is the account name of your deployment).

    For example, <account id=... name="Store">. Before the </account> tag, navigate to the properties of that user account:

    <properties>
    <clear/>
    </properties>
    
    <!--NeedCopy-->
    
  3. Add the enableLaunchDarkly tag and set the value as false.

    <property name="enableLaunchDarkly" value="false" />

Note:

Most of the features are behind a feature flag, and LaunchDarkly controls them. In the environments where it is disabled, you have to wait for a minimum of 90 days to avail the feature.

File type association

As a prerequisite for this feature to work, go to the Citrix Workspace app settings and set the Use device storage option to Full Access. An additional option Ask every time is also available so that you’re prompted for permission before accessing your device storage in a session.

Note:

Ask every time option is a setting that applies for each session. It does not carry forward to the next session.

When you select Ask every time, any system-generated access to your device storage might cause the Use device storage prompt to appear (for example, at logoff), which is an expected behavior.

Citrix Workspace app reads and applies the settings configured by administrators in Citrix Studio. To apply FTA in a session, make sure that end users connect to the Store server where the FTA is configured.

On the user device, select the file you want to launch File Explorer and tap Open. The Android operating system provides an option to launch the file using Citrix Workspace app (applying the FTA configured by the administrator) or a different application. Depending on your earlier selection, a default application might or might not be set. You can change the default application using the Change default option.

Note:

This feature is available only on StoreFront and requires Citrix Virtual Apps and Desktops Version 7 or later.

Known issues and limitations in the feature

  1. Smart card authentication might be slower than password authentication. For example, after disconnecting from a session, wait for approximately 30 seconds before you attempt to reconnect. Reconnecting to a disconnected session too quickly might cause Citrix Workspace app to turn unresponsive.
  2. Smart card authentication isn’t supported on farms.
  3. Some users might have a global PIN number for smart cards. However, when users sign in using a smart card account, they must enter the PIV PIN and not the global smart card PIN, which is a third-party limitation.
  4. Citrix recommends that you exit and restart the Citrix Workspace app session after you log off from the smart card account.
  5. Multiple USB smart cards aren’t supported.
  6. You can access only MIME file formats supported by Microsoft Office, Adobe Acrobat reader, and Notepad applications using the file type association feature.

Customer Experience Improvement Program (CEIP)

Data collected Description What we use it for?
Configuration and usage data The Citrix Customer Experience Improvement Program (CEIP) gathers configuration and usage data from Citrix Workspace app and automatically sends the data to Google Analytics for Firebase. This data helps Citrix improve the quality, reliability, and performance of Citrix Workspace app.

Additional Information

Citrix handles your data in accordance with the terms of your contract with Citrix. Your data is protected as specified in the Citrix Services Security Exhibit. This exhibit is available on the Citrix Trust Center.

You can disable sending CEIP data to Citrix and Google Analytics for Firebase (except for the two data elements collected for Google Analytics for Firebase indicated by an * in the following table) by:

  1. Launch the Citrix Workspace app and select Settings.
  2. Select Advanced Preferences.

    The Advanced Preferences dialog appears.

  3. Clear the option Send Usage statistics.

Note:

  • No data is collected for the users in the European Union (EU), European Economic Area (EEA), Switzerland, and the United Kingdom (UK).

The specific CEIP data elements collected by Google Analytics for Firebase are:

       
Operating system version* Workspace app version* Authentication configuration Device information
Session launch method Citrix store type Client drive-mapping configuration  
Session information Recieverconfig.txt usage USB redirection configuration HDX RTME user info
HTTP and HTTPS connection configuration ICA connections protocol info Workspace app review action Disable Firebase Configuration
Number of stores added Screen capture action RSA feature user actions StoreFront Vs Workspace app user count
App update action Operating system update Screen view action App remove
Web view connections App clear data App execution App session start

Migration from on-premises to cloud account

Administrators can seamlessly migrate end users from an on-premises StoreFront store URL to a Workspace URL. Administrators can do the migration with minimum end user interaction using the Global App Configuration service.

To configure:

  1. Navigate to the Global App Configuration Store Settings API URL and enter the cloud Store URL. For example, https://discovery.cem.cloud.us/ads/root/url/<hash coded store URL>/product/workspace/os/ios.
  2. Navigate to API Exploration > SettingsController > postDiscoveryApiUsingPOST > tap POST.
  3. Tap INVOKE API.
  4. Enter and upload the payload details. Enter the StoreFront store expiry date in the epoch timestamp in milliseconds format.

    For example,

    "migrationUrl": [
    {
    
    "url": "<cloud store url>"
    "storeFrontValidUntil": "<epoch timestamp in milliseconds>",
    }
    ]   ,
    <!--NeedCopy-->
    
  5. Tap EXECUTE to push the service.

End user Experience for this feature

As an end user, if you’re using the Citrix Workspace app for the first time, after successful authentication, the Introducing the new Citrix Workspace migration screen appears (if eligible). After you tap the Try new Citrix Workspace now option, migration begins. Upon successful migration, you can access the Workspace store (cloud store).

Note:

You can skip the migration for three times. Later, the migration is forced without an option to skip.

New workspace

After you migrate to the Workspace (cloud) store, you can view both the StoreFront and the Workspace store under Settings. When you switch from a cloud store to the on-premises StoreFront store, a feedback screen appears to gather your response.

Note:

The StoreFront store has an expiry date. Post the expiry date, the store gets deleted.

Use the latest version

This feature helps you to use the latest version of Citrix Workspace app. When you launch the Citrix Workspace app, the in-app prompt asks you to update to the latest version.

Update prompt

When you tap Update, the update happens in the background, and you can continue using the app. You can view the progress on the Snackbar. After the download is complete the following dialog box appears:

Download complete

Tap Relaunch now to use the latest version. If you tap Do it later, the prompt to restart the app appears in the next app launch.

Global App Configuration service channel support

Starting with the 23.4.5 release, administrators can use the Global App Configuration service to define settings and test them before rolling out the configuration to all end users. This process ensures that features and functionalities are well-tested before production.

Note:

  • The Citrix Workspace app for Android supports the Default and Test channel configurations. By default, all users are on the Default channel.

For more information, see the Global App Configuration service documentation.

How to use this feature

To test configurations:

  1. Navigate to Citrix Workspace app Settings > Advanced > App configuration
  2. Select Test channel.

    test channel

    You can now start the test.

Note:

  • Make sure that the app configurations are present on the Test channel. For assistance, contact your organization’s administrator.