Save passwords

Using the Citrix Web Interface Management console, you can configure the authentication method to allow users to save their passwords. When you configure the user account, the encrypted password is saved until the first time the user connects. Consider the following:

  • If you enable password saving, Citrix Workspace app for iOS stores the password on the device for future logons and does not prompt for passwords when users connect to applications.


    The password is stored only if users enter a password when creating an account. If no password is entered for the account, no password is saved, regardless of the server setting.

  • If you disable password saving (default setting), Citrix Workspace app for iOS prompts users to enter passwords every time they connect.


For StoreFront direct connections, password saving is not available.

To override password saving

If you configure the server to save passwords, users who prefer to require passwords at logon can override password saving:

  • When creating the account, leave the password field blank.
  • When editing an account, delete the password and save the account.

Use the Save Password feature

Citrix Workspace app for iOS has a feature that streamlines the connection process by allowing you to save your password, which eliminates the extra step of having to authenticate a session every time you open Citrix Workspace app for iOS.


The save password functionality currently works with the PNA protocol. It does not work with StoreFront native mode; however, this functionality works when StoreFront enables PNA legacy mode.

Configure StoreFront

To configure StoreFront to enable the save password functionality:

  1. If you are configuring an existing Store, go to step 3.

  2. To configure a new StoreFront deployment, follow the best practices described in Install, setup, and uninstall Citrix StoreFront.

  3. Open the Citrix StoreFront management console. Ensure the base URL uses HTTPS and is the same as the common name specified when generating your SSL certificate.

  4. Select the Store you want to configure.

  5. Click Configure XenApp Service Support.

  6. Enable XenApp Service support, select the Default store (optional), and Click OK.

  7. Navigate to the template configuration file located at c:\inetpub\wwwroot\Citrix\<store name>\Views\PnaConfig\.

  8. Make a backup of Config.aspx.

  9. Open the original Config.aspx file.

  10. Edit the line <EnableSavePassword>false</EnableSavePassword> to change the false value to true.

  11. Save the edited Config.aspx file.

  12. On the StoreFront server, run PowerShell with administrative rights.

  13. In the PowerShell console:

    a. cd “c:\Program Files\Citrix\Receiver StoreFront\Scripts”

    b. Type “Set-ExecutionPolicy RemoteSigned”

    c. Type “.\ImportModules.ps1”

    d. Type “Set-DSServiceMonitorFeature –ServiceUrl” https://localhost:443/StorefrontMonitor

  14. If you have a StoreFront group, run the same commands on all the members in the group.

Configure Citrix Gateway to save passwords


This configuration uses Citrix Gateway load balance servers.

To configure Citrix Gateway to support the save password functionality:

  1. Log in to the Citrix Gateway management console.

  2. Follow the Citrix best practices to create a certificate for your load balance virtual server(s).

  3. On the configuration tab, navigate to Traffic Management -> Load Balancing -> Servers and click Add.

  4. Enter the server name and IP address of the StoreFront server.

  5. Click Create. If you have a StoreFront group, repeat step 5 for all the servers in the group.

  6. On the configuration tab, navigate to Traffic Management > Load Balancing > Monitor and click Add.

  7. Enter a name for the monitor. Select STOREFRONT as the Type. At the bottom of the page, select Secure (this is required since the StoreFront server is using HTTPS).

  8. Click the Special Parameters Tab. Enter the StoreFront name configured earlier, and select the Check Backed Services and click Create.

  9. On the Configuration tab navigate to Traffic Management > Load Balancing > Service Groups and click Add.

  10. Enter a name for your Service Group and set the protocol to SSL and click Ok.

  11. On the right-hand of the screen under Advanced Settings, select Settings.

  12. Enable Client IP and enter the following for the Header value: X-Forwarded-For and click OK.

  13. On the right-hand of the screen under Advanced Settings, select Monitors. Click the arrow to add new monitors.

  14. Click the Add button and then select the Select Monitor drop down; a list of monitors (those configured on Citrix Gateway) appears.

  15. Click the radio button beside the monitor(s) you created earlier and click Select, then click Bind.

  16. On the right-hand of the screen (under Advanced Settings), select Members. Click the arrow to add new service group members.

  17. Click the Add button and then select the Select Member drop down.

  18. Select the Server Based radio button; a list of server members (those configured on Citrix Gateway) appears. Click the radio button beside the StoreFront server(s) you created earlier.

  19. Enter 443 for the port number and specify a unique number for the Hash ID, then click Create, then click Done. If everything has been configured properly, the Effective State should show a green light, indicating that monitoring is functioning properly.

  20. Navigate to Traffic Management -> Load Balancing -> Virtual Servers and click Add. Enter a name for the server and select SSL as the protocol.

  21. Enter the IP address for the StoreFront load-balanced server and click OK.

  22. Select the Load Balancing Virtual Server Service Group binding, click the arrow then add the Service Group created previously. Click OK twice.

  23. Assign the SSL certificate created for the Load Balance virtual server. Select No Server Certificate.

  24. Select the Load Balance server certificate from the list and click Bind.

  25. Add the domain certificate to the Load Balance Server. Click No CA certificate.

  26. Select the domain certificate and click Bind.

  27. On the right side of the screen, select Persistence.

  28. Change the Persistence to SOURCEIP and set the time out to 20. Click Save, then click Done.

  29. On your domain DNS server, add the load balance server (if not already created).

  30. Launch Citrix Workspace app for iOS on your iOS device and enter the full XenApp URL.

Content Collaboration Service integration

Citrix Content Collaboration enables you to easily and securely exchange documents, send large documents by email, securely handle document transfers to third parties, and access a collaboration space. Citrix Content Collaboration provides many ways to work, including a web-based interface, mobile clients, desktop apps, and integration with Microsoft Outlook and Gmail.

You can access Citrix Content Collaboration functionality from the Citrix Workspace app using the Files tab displayed within Citrix Workspace app. You can view the Files tab only if Content Collaboration Service is enabled in the Workspace configuration in the Citrix Cloud console.


Citrix Content Collaboration integration in Citrix Workspace app is not supported on Windows Server 2012 and Windows Server 2016 due to a security option set in the operating system.

The following image displays example contents of the Files tab of the new Citrix Workspace app:



  • Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log off.
  • Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log off.

Citrix Ready workspace hub

Citrix Ready workspace hub is enabled on Citrix Workspace app when all the following system requirements are met:

  • Citrix Workspace app 1810.1 for iOS or later
  • Bluetooth enabled
  • Mobile device and workspace hub using the same Wi-Fi network


To turn on Citrix Ready workspace hub features, go to Settings and tap Citrix Casting to enable the feature on your device. For more information, see the help documentation for the iOS devices.

Known limitation

  • On VDA 7.18 and earlier, casting to a workspace hub requires the desktop or other resource you are using to have the .h264 full-screen policy enabled and the legacy graphics policy to be disabled.

Session sharing

When users log off from a Citrix Workspace app for iOS account, if there are still connections to applications or desktops, they have the option to disconnect or log off:

  • Disconnect: Logs off from the account but leaves the Windows application or desktop running on the server. The user can then start another device, launch Citrix Workspace app for iOS, and reconnect to the last state before disconnecting from the iOS device. This option allows users to reconnect from one device to another device and resume working in running applications.
  • Log off: Logs off from the account, closes the Windows application, and logs off from the Citrix Virtual Apps and Desktops server. This option allows users to disconnect from the server and log off the account; when they launch Citrix Workspace app for iOS again, it opens in the default state.