Device Posture

End user flow

August 27, 2024

Contributed by:

Once the device posture policies are set and device posture is enabled, the following are the end-user flows based on how the end user is logging into Citrix Workspace.

End-user flow via browser access

Note:

The macOS client and Chrome browser are used as an example for illustration purposes. The screens and the notifications vary depending on the client and the browser that you use for accessing the Citrix Workspace URL.

When an end-user logs on to the Citrix Workspace URL https://<your-workspace-URL through a browser, the end user is prompted to run the Citrix EndPointAnalysis application.
When the end user clicks Open Citrix End Point Analysis, the device posture client runs and scans the endpoint parameters based on device posture policy requirements.
If the device posture client is not installed on the device, the users are redirected to a page that displays the Download plug-in option. If the latest device posture client is already installed on the endpoint, the user must click Check device to confirm the same. Similarly, if the EPA installed on the device is not the latest version, the users are redirected to a page that displays the Update plug-in option. If the EPA client is already updated, then the user must click Check device to confirm the same.

Confirm client version

In both scenarios, if the skip check feature is enabled, the message Alternately, you can continue to Citrix Workspace with restricted access. is displayed on the Download plug-in or the Update plug-in pages.

Skip check message

End-user flow via Citrix Workspace application

When an end-user logs on to the Citrix Workspace URL https://your-workspace-url through the Citrix Workspace application, the device posture client installed on the endpoint runs and scans the endpoint parameters based on device posture policy requirements.
If the latest device posture client isn’t installed on the endpoint, the users are redirected to the page that displays the options Check again and Download Client. The user must click Download Client.
If the latest device posture client is already installed on the endpoint, the user must click Check again.

End-user flow - Device posture results

Based on the device posture policy conditions, three possibilities can occur.

If an endpoint meets the policy conditions such that the device is categorized as;

Compliant - The end user is allowed to log in with unrestricted access to Secure Private Access or Citrix DaaS resources.
Non-compliant - The end user is allowed to log in with restricted access to Secure Private Access or Citrix DaaS resources.

If an endpoint meets the policy conditions such that the device is categorized as Denied access, the Access denied message appears.

Access denied

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

End user flow

August 27, 2024

Contributed by:

August 27, 2024

Contributed by:

End user flow

End-user flow via browser access

End-user flow via Citrix Workspace application

End-user flow - Device posture results

In this article