Product documentation
Citrix Workspace app for Mac
View PDF

Citrix Workspace app 2311 for Mac - Preview

November 16, 2023
Contributed by: 
S K S

What’s new

Support for authentication using FIDO2 when connecting to on-premises store

Previously, FIDO2-based password-less authentication was supported for connecting to cloud stores. For more information, see FIDO2-based authentication when connecting to cloud store.

With this version, users can also connect to on-premises stores using FIDO2 authentication. FIDO2 security keys provide a seamless way for enterprise employees to authenticate to apps or desktops that support FIDO2 without entering a user name or password. This feature currently supports roaming authenticators (USB only) with PIN code and touchID. This feature is supported on macOS 12 and later versions.

The following table lists the settings that allow you to select the type of browser that is used for authenticating an end user into Citrix Workspace app:

Settings Description
System Allows you to use the user’s default browser for authentication (for example, Safari or Chrome). Authentication occurs outside Citrix Workspace app. Use this setting to support passwordless authentication. This setting tries to use the existing user session from the user’s browser.
SystemWithPrivateSession This setting is similar to the System setting. Citrix Workspace app uses a private session in the browser for authentication. The browser doesn’t save authentication cookies or data. This option doesn’t support single sign-On (SSO).
Embedded Allows you to authenticate within Citrix Workspace app. Citrix Workspace app saves the session data or cookies for SSO (for example, SaaS apps) when the enhanced SSO feature is enabled. This authentication method does not support passwordless authentications such as FIDO2.
EmbeddedWithPrivateSession This setting is similar to the Embedded setting. SSO isn’t supported as session data or cookies aren’t present in Citrix Workspace app.

By default the type of the browser is set to Embedded for the end user. To change the web browser type for authentication, navigate to Preferences > General and select the required option from the Web browser authentication drop-down menu.

Web browser authentication

The administrator can push the preferred Web browser type for the end user and restrict the changes to it by disabling the Web browser authentication option in the UI. To push the configured settings, run the following commands using the Mobile Device Management (MDM), Global App Configuration service (GACS), or command-line interface:

  • Enable FIDO2 using MDM: To enable authentication through MDM, administrators must use the following setting:

    <key>WebBrowserForAuthentication</key><string>System</string>

For more information on how to use MDM, see Mobile Device Management.

  • Enable FIDO2 using GACS: To enable authentication through GACS, administrators must use the following setting:

{
    "serviceURL": {
      "url": "https://serviceURL:443"
    },
    "settings": {
      "name": "Web browser for Authenticating into Citrix Workspace",
      "description": "Allows admin to select the type of browser used for authenticating an end user into Citrix Workspace app",
      "useForAppConfig": true,
      "appSettings": {
        "macos": [
          {
            "assignedTo": [
              "AllUsersNoAuthentication"
            ],
            "category": "authentication",
            "settings": [
              {
                "name": "web browser for authentication",
                "value": "SystemWithPrivateSession"
              }
            ],
            "userOverride": false
          }
        ]
      }
    }
  }

<!--NeedCopy-->

For more information about the web browser settings, see Global App Configuration service documentation.

  • Enable FIDO2 using the command-line interface: To enable authentication using the command-line interface, administrators must run the following command:

    defaults write com.citrix.receiver.nomas WebBrowserForAuthentication System

Enhanced Universal Architecture builds for virtual apps and desktops session

Starting with the 2311 version, the Universal Architecture build can now automatically choose to run the virtual sessions in the native Apple Silicon mode or Intel mode. It uses the Rosetta emulation to launch the virtual session in Intel mode.

The virtual session launches in the native Apple Silicon mode, if the virtual channel SDK is built based on the native Apple Silicon architecture or there’s no virtual channel SDK. However, the virtual session launches in the Intel mode using the Rosetta emulation, if the virtual channel SDK is built based on the x86_64 Intel-based architecture.

Note:

This feature is supported only on Macs with the Apple Silicon chipset.

Enhanced virtual apps and desktops launch experience for Workspace (Cloud users only)

The opening experience of Citrix resources has been enhanced to be more intuitive, informative, and user-friendly. Starting with the 2311 version, this improved virtual apps and desktops launch experience is supported for custom web stores and hybrid launch.

Launch experience

The launch progress notification now appears at the lower-right corner of your screen. A progress status of the resources, which are in the process of being opened is shown. You cannot retrieve the notification once you dismiss it. The notification stays for a few seconds from the time you start the session. If the session fails to start, then the notification shows the failure message.

Launch failure

Note:

This feature is available for both Workspace (cloud) and StoreFront sessions.

Modernized Citrix Virtual Channel SDK for Citrix Workspace app for Mac

Starting with the 2311 version, the Citrix Virtual Channel Software Development Kit (VCSDK) supports writing server-side applications and client-side drivers for more virtual channels using the ICA protocol. The server-side virtual channel applications are on Citrix Virtual Apps and Desktops servers. This version of the SDK supports writing new virtual channels and screen sharing for Citrix Workspace app for Mac.

For more information, see Citrix Virtual Channel SDK for Citrix Workspace app for Mac in the Developer documentation.

Support for TLS protocol version 1.3

Starting with the 2311 version, Citrix Workspace app for Mac supports the latest Transport Layer Security (TLS) version 1.3. To enable the TLS version 1.3, navigate to Preferences > Security and Privacy > TLS and select the TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3 option from the TLS versions drop-down menu.

TLS versions

Support for background blurring in webcam redirection

Starting with the 2311 release, Citrix Workspace app for Mac supports background blurring for webcam redirection. You can enable the background blurring by navigating to Preferences >Mic & Webcam and selecting Turn on background blur effect when using webcam.

Webcam blur

Support for multiple audio devices

Starting with the 2311 release, Citrix Workspace app for Mac displays all available local audio devices in a session with their names. In addition, plug-and-play is also supported.

Support for multiple monitors in full-screen mode

Previously, Citrix supported a maximum of 3 monitors in full-screen mode, including the primary monitor.

Starting with the 2311 version, you can now use full-screen mode on up to five monitors simultaneously.

You can extend multiple monitors in full-screen mode in the following two ways:

  • Using the menu bar
  1. Open the Citrix Viewer.

  2. From the menu bar, click View and select Enter Full Screen to extend full screen.

    Note:

    You can extend the screen to full-screen mode in all connected displays at once by enabling Use All Displays In Full Screen and then selecting Enter Full Screen from the View menu.

  • Using the green button in the app window
  1. Open the Citrix Viewer.
  2. Drag or resize the Citrix Viewer window to make it spread on the monitors that you want to use in full-screen mode.
  3. Move the pointer to the green button in the upper-left corner of the window, then select Enter Full Screen from the menu that appears or click the green button. The screen is now extended to monitors that have an intersection with the window.

Admins can edit the Display memory limit policy, which specifies the maximum video buffer size in kilobytes for a desktop session, to suit the display resolution. The default value for the Display memory Limit policy is 65536 KB and is sufficient only for up to 2x4K monitors (2x32400KB). Admins must increase this value to use five monitors based on the display resolution. You can edit the Display memory Limit by navigating to Citrix Studio > Policies > Display memory limit. For more information about the Display memory limit policy, see the Display memory limit section in the XenApp and XenDesktop documentation.

Deprecation of International menu from the keyboard settings

Previously, you can enable or disable the Use Client IME, Use Composting Mark and Use Client keyboard layout features in the Citrix viewer by navigating to Devices > Keyboard>International.

Starting with the 2311 version, the International menu for the keyboard settings in the Citrix Viewer is deprecated. From this version, the client-side IME is enabled by default.

Support for Audio volume synchronization (Technical Preview)

Previously, audio volume control is independent between the Virtual Delivery Agent (VDA) and your device. You’ve to adjust the volume on both sides to maintain the desired volume. Also, if you’ve muted the volume in your device, then it restricts to unmute the volume in the VDA.

Starting with the 2311 version, Citrix Workspace app for Mac supports synchronization of audio volume between the VDA and your audio devices. You can now tune the volume using the VDA audio volume slider and have the same volume on your device and the other way around. This feature is disabled by default.

This feature is a request‑only preview. To get it enabled in your environment, fill out the Podio form.

Note:

  • You must use VDA version 2308 or later to enable this feature. For more information, see Audio volume synchronization in the Citrix Virtual Apps and Desktops documentation
  • You can provide feedback for this feature using the Podio form.

Support for H.265 video decoding (Technical Preview)

Starting with the 2311 version, Citrix Workspace app for Mac supports the use of the H.265 video codec for hardware acceleration of remote graphics and videos. H.265 video codec must be supported and enabled on both the VDA and Citrix Workspace app. If your Mac device doesn’t support H.265 decoding using the VideoToolbox interface, then the H265 decoding for graphics policy setting is ignored and the session falls back to the H.264 video codec.

Prerequisites:

  • VDA 7.16 or later.
  • Enable the Optimize for 3D graphics workload policy on the VDA.
  • Enable the Use hardware encoding for video codec policy on the VDA.

This feature is a request‑only preview. To get it enabled in your environment, fill out the Podio form.

Note:

H.265 encoding is supported only on the NVIDIA GPU. Run the HDX Monitor 3.x tool to identify if the H.265 video encoder is enabled within the sessions. For more information about the HDX Monitor 3.x tool, see the Knowledge Center article CTX135817. You can provide feedback for this feature using the Podio form.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 119.1.1.29, based on Chromium version 119. For more information, see the Citrix Enterprise Browser documentation.

Improved user experience

Previously, Citrix Enterprise Browser displayed a reconnection modal when you attempted to perform an action after your session expired. Starting with Citrix Workspace app for Mac version 2311 (which corresponds to the Chromium version 119.1.1.29), there is no longer a reconnection modal. Instead, a loading icon now appears on the browser tab when you attempt to perform any action after your session expires.

Improved watermark design

Citrix Enterprise Browser now has a new watermark design that is less intrusive and provides a better user experience.

Support for custom browser extension

Citrix Enterprise Browser has expanded its extension capabilities. Previously, only extensions from the Chrome Web Store were permitted. Citrix Enterprise Browser now allows you to add custom extensions securely. Administrators can configure custom extensions as part of the mandatory list. End users can access and use these extensions either via citrixbrowser://extensions or by clicking the Extensions option under More button as needed.

Mandatory customer extensions

The administrator can configure the custom extensions as part of the mandatory list. You can configure the list of forced extensions in one of the following ways:

Configuration through API

To configure, here is an example JSON file for ExtensionInstallForcelist:

{
"category": "browser",
"userOverride": false,
"assignedTo": [
"AllUsersNoAuthentication"
              ],
"settings": [
                   {
     "name": "Extension Install Force list",
     "value": [
            "custom extension id1; url of custom extension id1",
            "custom extension id2; url of custom extension id2"
                        ]
                        }
                        ]
}
<!--NeedCopy-->

Note:

The default value is an empty list.

Configuration through UI

Select the appropriate checkbox from the UI, and then click Manage settings. You can configure using the JSON data and save the changes.

Mandatory Extensions

Simplified SSO for Web and SaaS apps through the Global App Configuration service

Note:

This feature is available only for StoreFront.

Previously, SSO was configured in Citrix Enterprise Browser using the PowerShell module. From this version, this simplified SSO feature allows you to configure SSO in Citrix Enterprise Browser by using a newly introduced setting in the Global App Configuration service (GACS). Administrators can use this new setting to enable SSO for all web and SaaS apps in Citrix Enterprise Browser. This method eliminates the need for the complex PowerShell module.

Manage SSO for Web and SaaS apps through the Global App Configuration service

Note:

Starting with Citrix Workspace app for Mac 2311, the PowerShell Module for Citrix Workspace Configuration no longer works for Mac platform.

SSO is an authentication capability that enables you to access multiple applications using a single set of login credentials. Enterprises typically use SSO authentication to simplify access to various web, on‑premises, and cloud applications for a better user experience.

The SSO feature gives administrators more control over:

  • User access management
  • Reduction of password‑related support calls
  • Enhancement of security and compliance

Previously, SSO was configured using either the PowerShell Module for Citrix Workspace Configuration or Workspace SSO via SPA.

From this version, this feature aims at reducing the SSO configuration to a single setting within the Global App Configuration service (GACS). This feature applies to all web and SaaS apps across platforms, without configuring the Gateway Service in the identity providers (IdPs) chain. This feature improves the user experience, provided the same IdP is used for authentication to both the Citrix Workspace app and the web or SaaS app.

Prerequisites
  • Use the same identity provider (IdP) for authenticating to the Citrix Workspace app and a particular web or SaaS app.
  • Enable persistent cookies within the third-party IdP configuration for a seamless SSO experience.
  • The minimum Citrix Workspace app version required on the native operating systems is Citrix Workspace app for Mac 2311.
Configuration through API

To configure, here’s an example JSON file to enable SSO feature:

"Citrix Enterprise Browser SSO": {
    "translated": "CitrixEnterpriseBrowserSSO",
    "accepted": "object",
    "default" : None
}
json for admin to apply "Citrix Enterprise Browser SSO" setting:
{
  "category": "Browser",
  "userOverride": false,
  "assignedTo": [
    "AllUsersNoAuthentication"
  ],
  "settings": [
    {
      "name": "Citrix Enterprise Browser SSO",
      "value": {
        "CitrixEnterpriseBrowserSSOEnabled": true,
        "CitrixEnterpriseBrowserSSODomains": [ "abc.com", "def.com" ]
      }
    }
  ]
}
<!--NeedCopy-->

Enhanced capabilities on monitoring end user activities

Previously, administrators were unable to monitor end user activities such as App accessed and Traffic type. Starting with Citrix Workspace app for Windows 2311 and Mac 2311 versions (corresponding to Chromium version 119.1.1.29), you can now monitor these details as well.

  • App accessed: Enterprise Browser provides information about all the apps accessed by the end user, provided the app is listed in the policy document.
  • Traffic type: Enterprise Browser provides information about whether data is sent directly or through Secure Private Access authentication.

To monitor the end user activities from Enterprise Browser, use the Citrix Analytics service using your Citrix Cloud account. After signing in to Citrix Cloud, navigate to Analytics > Security > Search. There, you can refer to Apps and Desktops under the Self-Service Search section. For more information on Citrix Analytics, see Getting started.

App Protection

Support to configure App Protection for Authentication and Self-Service plug-in for on-premises stores

Previously, Citrix Workspace app for Mac supported configuring App Protection for Authentication and Self-Service plug-in using Global App Configuration service UI for customers on cloud stores only.

Starting with the 2311 release, it is available for customers on both cloud and on-premises stores.

Configure using the Global App Configuration service UI

Note:

  • From Citrix Workspace app for Mac versions from 2301 through 2309, you can configure App Protection for Authentication and Self-Service plug-in using Global App Configuration service UI for cloud stores only.

  • Starting with Citrix Workspace app for Mac 2311 version, you can configure App Protection for Authentication and Self-Service plug-in using Global App Configuration service UI for both cloud and on-premises stores. For more information about the screens that are protected, see What does App Protection protect.

Administrators can configure App Protection using the Global App Configuration service UI:

  1. Sign in to your Citrix Cloud account and then click Workspace Configuration. Workspace configuration
  2. Go to App Configuration > Security and Authentication and then click App Protection. App configuration
  3. Click Anti Screen Capture and then select the Mac checkbox.
  4. Click the Enabled toggle button and then click Publish Drafts. GACS anti-screen capture
  5. Click Anti-Key Logging and then select the Mac checkbox.
  6. Click the Enabled toggle button and then click Publish Drafts. GACS anti keylogging Mac

Fixed issues

  • When the first time users add the Store URL, they might not see the FIDO2 authentication browser window. [RFMAC-14518]
  • When using Citrix Workspace app for Mac to access virtual sessions, the mouse scrolling speed might be too fast or too slow in the virtual sessions. [CVADHELP-23514]
  • When using Citrix Workspace app for Mac, you might not be able to switch between recent apps inside the virtual app session by clicking Options + tab keys after upgrading to VDA 2212 or later. [CVADHELP-23464]
  • You might notice that the macOS dock is blocking the windows taskbar of the Remote Desktop Protocol app session launched from Citrix Workspace app for Mac. [CVADHELP-23681]

Known issues

  • No new issues have been observed in this release.
Citrix Workspace app 2311 for Mac - Preview
November 16, 2023
Contributed by: 
S K S
November 16, 2023
Contributed by: 
S K S

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.