Product documentation
Session Recording
Current Release 2507 LTSR 2503 2411 2407 2402 LTSR 2311 2308 2305 2303 2212 2210 2209 2207 2206 2204 2203 LTSR 2201 2112 2110 2109 2107 2106 2104 2103 1912 LTSR 7.15 Service
View PDF

Endpoint recording policies

December 9, 2025
Contributed by: 
C

You can define policies to capture user actions on endpoint devices when accessing Citrix-delivered web apps, virtual apps and desktops.

Prerequisites

Before you begin, ensure you have met the following requirements:

  • Citrix Session Recording server version 2511 or later
  • Citrix Workspace App version 2511 or later
  • Proper integration with Citrix Gateway and StoreFront, see Site settings

Configure endpoint recording policies

You can activate system-defined endpoint recording policies or create and activate your custom endpoint recording policies. System-defined policies apply a single rule to entire sessions. Custom policies specify which sessions are recorded.

Note:

After you create or activate an endpoint recording policy, the policy applies to all Session Recording servers of the selected site. You can create and activate separate endpoint recording policies for different sites, but only one site’s active policy can be in effect globally.

System-defined endpoint recording policies

Session Recording provides the following system-defined endpoint recording policies:

endpoint-1

  • Do not record endpoint sessions. The default policy. If you do not specify another policy, no sessions are recorded.

You can’t modify or delete the system-defined endpoint recording policies.

Create a customer endpoint recording policy

Considerations

You can record endpoint sessions of specific users or groups.

For each rule you create, you specify an endpoint recording action and a rule scope. The recording action applies to sessions that fall into the rule scope.

For each rule, choose one endpoint recording action:

endpoint-2

  • Enable endpoint recording with notification. This option records user actions on endpoint devices. Users receive recording notifications in advance. With this option selected, you can further select to enable recording for Citrix-delivered web apps or Citrix Virtual Apps and Desktops. Additionally, you can choose to extend to full-screen record in endpoint recording.
  • Enable endpoint recording without notification. This option records user actions on endpoint. Users do not receive recording notifications. With this option selected, you can further select to enable recording for Citrix-delivered web apps or Citrix Virtual Apps and Desktops. Additionally, you can choose to extend to full-screen record in endpoint recording.
  • Disable endpoint recording. This option means that no user actions on endpoint devices are recorded.
  • Citrix-delivered web apps. This option lets you record user actions on endpoint devices accessing these apps.
  • Citrix Virtual Apps and Desktops. This option lets record user actions on endpoint devices accessing these apps.

  • Extend to full-screen recording. This option lets you record the entire screen space, including any extended displays.

    endpoint-3

For each rule, choose the following items to create the rule scope.

Users and user groups. Creates a list of users and user groups to which the action of the rule applies. Both Azure Active Directory (Azure AD) and Active Directory identity types are supported. Selecting Azure AD as the identity provider allows you to choose an instance from the drop-down list. The available instances depend on your settings on the Citrix Cloud Identity and Access Management > Authentication tab.

endpoint-4

Note:

Azure AD support is a preview feature. It is available with Session Recording version 2402 and later. Preview features might not be fully localized and are recommended for use in nonproduction environments. Citrix Technical Support doesn’t support issues found with preview features.

When you create more than one rule in an endpoint recording policy, some sessions might match the criteria for more than one rule. In these cases, the rule with the highest priority is applied to the sessions.

The recording action of a rule determines its priority:

  • Rules with the Disable endpoint recording action have the highest priority.
  • Rules with the Enable endpoint recording with notification action have the second-to-highest priority.
  • Rules with the Enable endpoint recording without notification action have the lowest priority.

Some sessions might not meet any rule criteria in an endpoint recording policy. For these sessions, the action of the policy fallback rule applies. The action of the fallback rule is always Disable endpoint recording. You can’t modify or delete the fallback rule.

Steps

  1. Sign in to Citrix Cloud.
  2. In the upper left menu, select My Services > DaaS.
  3. In the DaaS tile, scroll down in the left navigation pane and select Session Recording.
  4. In the Session Recording service view, select Policies from the left navigation.
  5. Select a target site. Choose the Endpoint recording policy.
  6. Click Add policy.
  7. Enter a name and description for the new policy, and then click Add rule.

  8. Enter a name and description for the rule. Specify a endpoint recording action and choose at least one of the following items to create the rule scope.

    For each rule, specify a recording action:

    • Enable endpoint recording with notification.
    • Enable endpoint recording without notification.
    • Disable endpoint recording.

    For each rule, choose the following items to create the rule scope:

    • Users and user groups.
  9. After the new policy is created, find it on the Endpoint recording policy tab and turn the toggle on to activate the policy.

Select the global configuration site

Although you can have different active policies on different sites, only one site’s configuration and active policy can be in effect globally at any time.

Steps

  1. Select Configuration > Site Management from the left navigation of the Session Recording service.
  2. Click Settings for the target site.

  3. On the Endpoint recording page, enable the checkbox of Apply this site’s endpoint recording configuration.

    Note:

    • By checking this box, you are making this site the single source for all endpoint recording.
    • The active policy and configuration you set for this site will now be applied globally. Recording files will be saved to this site’s storage path.
    • All endpoint recording policies and configurations on all other sites will be ignored.

    endpoint-5

  4. Complete the other configuration fields
  • (Optional) Storefront server addresses
    • Required for On-premised StoreFront.

    • Leave this blank if you are using Citrix Cloud StoreFront.

      Note:

      By default, the Cloud StoreFront integration is disabled. You must set the following registry key to enable the Citrix Workspace app to communicate with the Cloud StoreFront service.

      • For 64-bit Citrix Workspace App
       ```
     Location: HKEY_LOCAL_MACHINE\Software\Citrix\Dazzle
     Name: EnableCwaToSraCloudstore
     Type: String
     Value: true
 <!--NeedCopy--> ```
      • For 32-bit Citrix Workspace App
       ```
     Location: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\Dazzle
     Name: EnableCwaToSraCloudstore
     Type: String
     Value: true
 <!--NeedCopy--> ```
  • STA Servers
    • Provides secure ticket authority server address
  • Session Recording server address or load balancer address
    • Enter the address of your Session Recording server or load balancer.
  • Gateway URL
    • Provides on-prem Citrix gateway URL

Note:

For more detailed information on configuration steps, refer to session recording for endpoint devices.

Endpoint recording policies
December 9, 2025
Contributed by: 
C
December 9, 2025
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.