Citrix Workspace app for Mac

Citrix Product Documentation | docs.citrix.com February 21, 2022

Contents

About this release 3

System requirements and compatibility 22

Install, Uninstall, and Upgrade 28

Update 30

Configure 36

Authenticate 72

Secure communications 74

Citrix Workspace app for Mac

About this release

February 16, 2022

Important

Starting with macOS Catalina, Apple has enforced extra requirements for root CA certificates and

intermediate certificates which administrators must configure. For more information, see Apple

Support article HT210176.

What’s new in 2201

StoreFront to Workspace migration [Technical preview]

As your organization transitions from on-premises StoreFront to Workspace, users are required to

manually add the new Workspace URL to the Workspace app. This feature enables admins to seam-

lessly migrate users from a StoreFront store to a Workspace store with minimal user interaction.

Note:

Technical previews are available for customers to test in their non-production or limited produc-

tion environments, and to share feedback. Citrix does not accept support cases for feature pre-

views but welcomes feedback for improving them. Citrix might or might not act on feedback

based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed

in production environments.

Citrix Workspace app Beta program

Starting with this release, you can automatically update existing installations of Citrix Workspace app

to the most recent beta builds and test them. Beta builds are early access versions released before

the general availability of a fully supported stable release update. You receive an update notification

when the Citrix Workspace app is configured for automatic updates.

To access the beta builds, open the Workspace app, right-click on Citrix Workspace in the toolbar and

click Preferences > Advanced. To update to beta builds, select the Beta channel from the drop-down

list.

Citrix Workspace app for Mac

• Beta - Early access release to easily test and report issues before general availability.

• Release - Fully supported stable release update.

For more information about using this feature, see Update.

Extend multiple monitors in full-screen mode [Technical preview]

You can now enter full-screen mode on two or more monitors simultaneously. To use this feature,

perform the following steps:

1. Open the Citrix Viewer.

2. To use full-screen mode on the other connected monitors, drag the window from your primary

monitor to span into the connected monitors. From the Citrix Viewer toolbar, select Enter Full

Screen. The window goes into full screen mode on those monitors.

Citrix Workspace app for Mac

Note:

If you have previously selected the Use All Displays In Full Screen option, ensure to unse-

lect it as this selection extends full screen on all connected monitors.

3. Drag the Citrix Virtual Desktop window into a monitor to enter full screen mode.

Citrix recommends using a maximum of 3 monitors, including the primary monitor.

Note:

Technical previews are available for customers to test in their non-production or limited produc-

tion environments, and to share feedback. Citrix does not accept support cases for feature pre-

views but welcomes feedback for improving them. Citrix might or might not act on feedback

based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed

in production environments.

Fixed issues in 2201

• While selecting the candidate text from the Input Method Editor composition window using the

le or right arrows in the keyboard, the input cursor doesn’t move accordingly. This issue oc-

curs when you launch a desktop with the Use local keyboard layout, rather than the remote

server keyboard layout check box is selected in the Preferences > Keyboard window of Citrix

Workspace app. This issue is observed only in the Chinese and Japanese language. [HDX-34956]

• The mouse pointer disappears intermittently in Workspace apps sessions and you are not able

to click anything. [HDX-36820]

• The desktop session closes unexpectedly when you drag a cell in a PivotTable in an Excel sheet.

[HDX-37178]

• Sometimes, you experience issues with graphics in your desktop session aer you upgrade to

version 2112 and when lossless and full screen H.264 codec policies are applied. [HDX-37272]

• Aer you upgrade from Workspace app 2010 to version 2112, you can’t connect to desktops or

apps. [RFMAC-10811]

Known issues in 2201

• The client name appears with random characters in the Citrix Broker Service and the Citrix Di-

rector if you are using the workspace app in the oline (intranet) mode. [RFMAC-10842]

Earlier releases

This section lists features in previous releases along with their fixed and known issues. Releases reach

End of Life (EOL) 18 months aer the release date. For details about lifecycle dates for the supported

Citrix Workspace app for Mac

versions, see Lifecycle Milestones for Citrix Workspace app and Citrix Receiver.

2112

What’s new

Support for custom web stores

You can now access your organization’s custom web store from the Citrix Workspace app for Mac. Pre-

viously, you accessed all customized stores through the browser only.

Citrix Workspace app for Mac loads the custom web stores with a browser-like experience and extends

App Protection capabilitiestocustom web stores. Making the customportal accessible from the native

Workspace App provides comprehensive capabilities and user experience for this feature. For more

details about Global App Configuration Service, see Getting Started.

For more information about configuring a custom web store, see Custom web store.

Request control in Microso Teams

With this release, you can request control during a Microso Teams call when a participant is shar-

ing the screen. Once you have control, you can make selections, edits, or other modifications to the

shared screen.

To take control when a screen is being shared, click Request control at the top of the Microso Teams

screen. The meeting participant who’s sharing the screen can either allow or deny your request. When

you’re done, click Release control.

Limitation:

The Request Control option is not available during peer-to-peer calls between an optimized user and

a user on the native Microso Teams desktop client that is running on the endpoint. As a workaround,

users can join a meeting to get the Request Control option.

Dynamic e911

With this release, Citrix Workspace app supports dynamic emergency calling. When used in Microso

Calling Plans, Operator Connect, and Direct Routing, it allows you to do the following:

• Configure and route emergency calls.

• Notify security personnel.

Notification is provided based on the current location of the Workspace app running on the endpoint,

instead of the Microso Teams client that runs on the VDA. Ray Baum’s law requires the 911 caller’s dis-

patchable locationto be transmitted to the appropriate Public SafetyAnswering Point (PSAP). Starting

Citrix Workspace app for Mac

from Citrix Workspace app 2112.1 for Windows, Microso Teams Optimization with HDX is compliant

with Ray Baum’s law. For more information about this feature, see Support for dynamic e911 in the

section Microso Phone System.

PDF Universal Printing (Technical preview)

The PDF universal printing feature is available with the Citrix Virtual Apps and Desktops 2112 release.

This feature is disabled by default. To use this feature, you must sign up by using this web form. The

feature is enabled for you once we receive your information. You also receive instructions about using

the feature and the printing policies that must be enabled.

Note:

Technical previews are available for customers to test in their non-production or limited produc-

tion environments, and to share feedback. Citrix does not accept support cases for feature pre-

views but welcomes feedback for improving them. Citrix might or might not act on feedback

based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed

in production environments.

Service continuity

Service continuity removes or minimizes the dependency on the availability of components that are

involved in the connection process. Users can launch their virtual apps and desktops regardless of the

health status of the cloud services. Citrix Workspace Web extensions make service continuity available

to users who access their apps and desktops through a browser.

Together, the Workspace app and the Workspace Web extension use Workspace connection leases

to give browser users access to their apps and desktops during outages. For more information, see

Service continuity

Citrix Workspace Browser

This release of the Workspace Browser is based on Chromium version 95. For features or bugs fixes in

the Citrix Workspace browser, see What’s new in the Citrix Workspace browser documentation.

Fixed issues

• The “Cannot connect to server error” appears when the transport protocol switches from En-

lightened Data Transport (EDT) to TCP. [CVADHELP-18310]

• If a Progressive Web App (PWA) that is protected is opened on macOS, the App Protection poli-

cies aren’t enforced. [RFMAC-10128]

Citrix Workspace app for Mac

2111

What’s new

• With this release, users cannot manually roll back Citrix Workspace app for Mac to a version

that is lower than the version installed on their systems. For example, if a Mac device has Cit-

rix Workspace app Version 2109 installed on it, then you cannot manually roll back the app to

version 2108 or lower.

• Launch the remote desktop session with a permanent license, if you’re running Client Access

Licenses (CAL) to access remote desktops. You can launch the remote desktop session when

the client ID is greater than 15 characters.

• To load Citrix Virtual Channel SDK on a Mac running Citrix Workspace app 2111, you must recom-

pile your custom virtual channels. For details, see Update Custom Virtual Channels on Citrix

Workspace app for Mac.

Support for custom web stores [Technical preview]

With this release, you can access your organization’s custom web store from the Citrix Workspace app

for macOS. Admins must add the custom web store to the list of allowed URLs in the Global App Con-

figuration Service to use this feature. Aer adding the URLs, you can provide the custom web store

URL in the Add Account option in Citrix Workspace app. The custom web store opens in the native

Workspace app for macOS.

Note:

Technical previews are available for customers to test in their non-production or limited produc-

tion environments, and to share feedback. Citrix does not accept support cases for feature pre-

views but welcomes feedback for improving them. Citrix might or might not act on feedback

based on its severity, criticality, and importance. It is advised that Beta builds aren’t deployed

in production environments.

Citrix Workspace Browser - For new features or bugs fixes in Citrix Workspace browser, see What’s

new in the Citrix Workspace browser documentation.

Fixed issues

• On devices running macOS, Advanced Audio Coding (AAC) is not supported. [CTXBR-1844]

• If you have configured the Workspace app using the .cr file and signed in with your credentials,

there’s a delay before the home page appears. [RFMAC-9990]

• Open a protected SaaS app, open a new tab, and separate the new tab into a new window by

dragging it out of the tab bar. Now arrange two windows next to each other and open a new

Citrix Workspace app for Mac

tab in the second window and take a screenshot. You are able to capture the screenshot for the

protected SaaS app as well in. [RFMAC-10060]

• Switching from one store to another might sign you out from the first store. [RFMAC-10137]

• When you enter incorrect credentials while signing into the Workspace app, the “Incorrect cre-

dentials” error message doesn’t appear and an authentication prompt appears again. Some-

times, Domain\User appears in the authentication prompt instead of User name. [RFMAC-

10210]

• Calls fail when an optimized Microso Teams P2P call is made from Citrix Workspace app for

Mac 2109 to Citrix Workspace app for Windows 2109. [HDX-35223]

2109.1

What’s new

macOS Monterey Support

Citrix Workspace app for Mac is supported on macOS Monterey (12.0.1).

Fixed issues

• If you have opened a protected app, an unprotected SaaS app, and a protected desktop session,

the browser exits unexpectedly. This issue occurs when you switch from the protected desktop

session window to the unprotected SaaS app. [CTXBR-2087]

• If your admin has installed external extensions in Google Chrome, the Citrix Workspace Browser

crashes when you open it. [CTXBR-2135]

2109

What’s new

Note:

If Service continuity is enabled, and you upgrade to version 2109, the connection lease files are

refreshed. All the existing leases are deleted and new leases are fetched as part of functionality

enhancements.

Citrix Workspace app for Mac on macOS Monterey Beta

Citrix Workspace app 2109 for Mac has been tested on macOS Monterey Beta 7. Use this setup in a test

environment and provide your feedback.

Citrix Workspace app for Mac

Caution:

Do not use Citrix Workspace app for Mac on macOS Monterey Beta versions in production envi-

ronments.

Email-based auto-discovery of store

You can now provide your email address in Citrix Workspace app for Mac to automatically discover

the store associated with the email address. If there are multiple stores associated with a domain, by

default the first store returned by the Global App Configuration Service is added as the store of choice.

Users can always switch to another store if necessary.

Citrix Workspace Browser

Citrix Workspace Browser is a native browser running on the client machine. It enables users to open

web or SaaS apps from the Citrix Workspace app in a secure manner. The browser ensures a consistent

user interface while accessing various web or SaaS apps while improving your productivity and giving

you a great performance in rendering those apps.

With a continued focus on enriching the user-experience, the new Workspace browser brings you an

enhanced and a more native browser-like experience, complete with the following features:

• VPN-less access to internal webpages

• Microphone and webcam support

Citrix Workspace app for Mac

• Tabbed browsing experience

• Multi-window views

• Editable omnibox

• Bookmarks

• Shortcuts on the new tab page

• Customizable settings

• Analytics

Admins can enable Secure Workspace Access (SWA) or App protection policies including anti key-

logging, anti-screen capture, download, printing, clipboard restrictions, and watermarking in varying

combinations on a per-URL basis.

For more information, see Citrix Workspace Browser documentation.

End Point Analysis (EPA) enhancement

Starting with this release, Citrix Workspace app for macOS supports End Point Analysis (EPA). Ad-

vanced Endpoint Analysis (EPA) scans the device for endpoint security requirements configured on

the Citrix Gateway. When the scan completes successfully, a user is granted access.

Note:

This feature works only if you have configured nFactor authentication in your environment.

For more information about the EPA scan, see Advanced Endpoint Analysis scans.

Adaptive audio

With Adaptive audio, you don’t need to configure the audio quality policies on the VDA. Adaptive audio

optimizes settings for your environment and replaces legacy audio compression formats to provide

an excellent user experience. For more information, see Adaptive Audio.

Support for H.264 Advanced Video Coding (MPEG-4 AVC) with Microso Teams

This release includes support for hardware accelerated H.264 video encoding/decoding, which re-

duces the load on CPU usage and improves your video conferencing experience. The multimedia

engine of Citrix HDX optimized Microso Teams (HdxRtcEngine.exe) now uses Apple’s Video Toolbox

framework for encoding and decoding. This framework compresses and decompresses video faster

and in real time. Also, the oloading of encoding and decoding to the GPU is optimized. Hardware

accelerated video decoding and encoding is enabled by default if a device supports it. This enhance-

ment reduces the load on the CPU during multimedia usage when Microso Teams is optimized with

HDX.

Citrix Workspace app for Mac

Fixed issues

• Aer you sign in to the Workspace app for Mac, you are prompted for authentication aer a few

hours. [RFMAC-10032]

• When you add a store in the Workspace app, change the authentication domain in the server

console, leave the app idle for a few minutes, and then open any app or desktop session, the

workspace app may crash. [RFMAC-10133]

• When a virtual app or desktop is already running and you start another virtual app or desktop,

Citrix Viewer appears but the virtual app does not open. This issue occurs on devices running

macOS 11.6. [RFMAC-10134]

2108.1

What’s new

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

When a virtual app or desktop is already running and you start another virtual app or desktop, Citrix

Viewer appears but the virtual app does not open. This issue occurs on devices running macOS 11.6.

[RFMAC-10134]

2108

What’s new

Citrix Workspace app for Mac now supports Maximum Transmission Unit (MTU) discovery in Enlight-

ened Data Transport (EDT). It increases the reliability and compatibility of the EDT protocol and pro-

vides an improved user experience.

Note:

EDT MTU discovery is supported on macOS Big Sur and later.

Fixed issues

• There is a lag in video during conference calls in Microso Teams. [HDX-32603]

• On Mac clients running macOS Big Sur, an HTTP 404 or HTTP/1.1 internal server error might

occur. The issue occurs when attempting to reconnect to sessions. [RFMAC-9448]

Citrix Workspace app for Mac

2107

What’s new

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

This release also addresses several issues that help to improve overall performance and stability.

2106

What’s new

Support for customized URLs through 301 redirects

You can add URLs that redirect to Citrix Workspace from StoreFront or Citrix Gateway through HTTP

301 redirects.

If you’re migrating from StoreFront to Citrix Workspace, you can redirect the StoreFront URL to a Citrix

Workspace URL through an HTTP 301 redirect. As a result, when adding an old StoreFront URL, you’re

automatically redirected to Citrix Workspace.

Example of a redirect:

The StoreFront URL: https://< Citrix Storefront url>/Citrix/Roaming/Accounts can

be redirected to a Citrix Workspace URL: https://<Citrix Workspace url>/Citrix/Roaming

/Accounts.

Note:

• Citrix Workspace app for Mac does not support Dual Tone Multi Frequency (DTMF) with Mi-

croso Teams due to pending changes from Microso.

• From this release onward, the Citrix Viewer’s version number and the Citrix Workspaceapp’s

version number might not match. This change does not aect your experience.

Service continuity

Service continuity removes or minimizes the dependency on the availability of components that are

involved in the connection process. Users can launch their virtual apps and desktops regardless of

the health status of the cloud services.

For more information, see Service continuity section in the Citrix Workspace documentation.

Citrix Workspace app for Mac

Fixed issues

This release also addresses several issues that help to improve overall performance and stability.

2104

What’s new

Citrix Workspace app for Mac supports manual user sign-on to network shares unless your organiza-

tion enables single sign-on. To access shared network locations, open Citrix Workspace app, navigate

to Files > Network Shares and provide your credentials. For more information about setting up net-

work shares, see Create and manage storage zone connectors.

Fixed issues

This release also addresses several issues that help to improve overall performance and stability.

2102

What’s new

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

This release also addresses several issues that help to improve overall performance and stability.

2101

What’s new

Apple silicon (M1 chip) support

Citrix Workspace app for Mac now supports Apple silicon devices (M1 chip) using Rosetta 2 on macOS

Big Sur (11.0 and later). As a result, all third party virtual channels must use Rosetta 2. Otherwise,

these virtual channels might not work in Citrix Workspace app for Mac on macOS Big Sur (11.0 and

later). For more information about Rosetta, see the Apple support article.

Microso Teams optimization support for seamless app sessions

Citrix Workspace app for Mac now supports Microso Teams optimization for seamless app sessions.

As a result, you can launch Microso Teams as an application from within the Workspace app. For

more information, see the following:

Citrix Workspace app for Mac

• Optimization for Microso Teams

• Microso Teams redirection

Support for Dual Tone Multi Frequency (DTMF) with Microso Teams

Citrix Workspace app for Mac now supports Dual Tone Multi Frequency (DTMF) signaling interaction

with telephony systems (for example, PSTN) and conference calls in Microso Teams. This feature is

enabled by default.

Fixed issues

• Attempts to open a Microso Teams meeting using OWA (Outlook Web App) might fail, causing

all related windows to exit unexpectedly. [CTXBR-1175]

• When you start a video call, Microso Teams might become unresponsive, displaying a Citrix

HDX not connected error. [RFMAC-6727]

• On macOS Big Sur (11.0.1), attempts to connect USB devices might fail, causing the session to

exit unexpectedly. [RFMAC-7079]

• In a published desktop, files saved to your local Mac device might display a file created date of

30 Nov 1979 instead of the current date. [CVADHELP-16309]

• Sometimes, the logon screen in published apps might not display properly, resulting in a re-

duced window size and red background color. [CVADHELP-16027]

• Audio calls might disconnect on your side when you disconnect and connect audio devices.

[RFMAC-7371]

• Attempts to copy text from within Oice 365 apps might succeed even when the clipboard re-

striction policy is enabled. [CTXBR-1166]

• Attempts to launch Microso Teams might fail due to issues with the HDX RealTime Connector

engine and the following error message appears.

Sorry, we couldn't connect you

[CVADHELP-16432]

2012

What’s new

Apple silicon (M1 chip) support preview

Citrix Workspace app for Mac now supports Apple silicon devices (M1 chip) on a preview basis.

Citrix Workspace app for Mac

Screen sharing optimization with Microso Teams

Citrix Workspace app for Mac now supports screen sharing optimization with Microso Teams. For

more information, see the following:

• Optimization for Microso Teams

• Microso Teams redirection

Performance improvements

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

• When using Citrix Workspace app for Mac 2008 or later, attempts to launch multiple instances

of a published application might fail. [CVADHELP-16019]

• Attempts to launch Generic USB redirection might fail when you use a USB docking station.

[RFMAC-6687]

• Attempts to open a window using CTRL+O in published desktops might result in two open win-

dows. [CVADHELP-15747]

• When using Citrix Workspace app for Mac on macOS Big Sur Beta, audio calls might disconnect.

The issue occurs when you disconnect audio devices and connect dierent audio devices during

an audio call. [RFMAC-6112]

• HDX RealTime Connector engine might exit unexpectedly when you turn the camera on and o

in Microso Teams. [RFMAC-6293]

• Attempts to launch Citrix Files from within Workspace app for Mac might fail due to issues with

single sign-on. [RFMAC-4477]

2010

What’s new

Authentication enhancement

To provide a seamless experience, the authentication dialog now appears inside Citrix Workspace app.

The Store details appear on the logon screen. Authentication tokens are encrypted and stored so that

you don’t need to reenter the credentials if there is a system reboot or session restart.

Note:

This authentication enhancement is applicable only in cloud deployments.

Citrix Workspace app for Mac

macOS Big Sur support

Citrix Workspace app for Mac is supported on macOS Big Sur (11.0.1).

Performance improvements

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

• Attempts to launch published desktops or applications might fail, displaying an error message.

The issue occurs if your computer name contains special characters. [CVADHELP-15492]

• Attempts to sign in to published applications and desktop sessions might fail. The issue occurs

when you use a mouse to click OK to sign in. [CVADHELP-15300]

2009

What’s new

Optimization for Microso Teams (preview)

Optimization for desktop-based Microso Teams using Citrix Virtual Apps and Desktops and Citrix

Workspace app. Optimization for Microso Teams is similar to HDX RealTime Optimization for Mi-

croso Skype for Business. The dierence is that we bundle all the necessary components for Mi-

croso Teams optimization into the VDA and the Workspace app for Mac. Citrix Workspace app for

Mac supports audio and video with Microso Teams optimization.

For more information, see the following:

• Optimization for Microso Teams

• Microso Teams redirection

• Known issues

Citrix Workspace app for Mac on macOS Big Sur Beta

Citrix Workspace app 2009 for Mac has been tested on macOS Big Sur Beta 8. Please use this setup

in a test environment and provide your feedback. See the Known issues section for issues specific to

macOS Big Sur Beta.

Caution:

Do not use Citrix Workspace app for Mac on macOS Big Sur Beta versions in production environ-

ments.

Citrix Workspace app for Mac

Kernel extensions for USB redirection

Citrix Workspace app 2009 for Mac is no longer dependent on kernel extensions (KEXT) for USB redi-

rection.

Fixed issues

This release also addresses several issues that help to improve overall performance and stability.

2008

What’s new

Performance improvements

This release addresses several issues that help to improve overall performance and stability.

macOS version support

Citrix Workspace app 2008 for Mac is the last release that supports macOS versions High Sierra (10.13)

and Mojave (10.14).

Fixed issues

If you add the EULA on VDAs, attempts to launch published desktops might result in a gray or black

screen. [CVADHELP-14986]

2007

What’s new

Performance improvements

This release addresses several issues that help to improve overall performance and stability.

Fixed issues

• When a user enables Enlightened Data Transport (EDT) on Citrix Gateway, issues in the client au-

dio settings might cause Citrix Workspace app for Mac to exit unexpectedly. [CVADHELP-14686]

• When the Intel SDK is used on VDAs that have the Use video codec for compression policy

enabled, attempts to launch published desktops might result in a green screen. [CVADHELP-

13647]

Citrix Workspace app for Mac

• Attempts to get the WMI (Windows Management Instrumentation) latency data might fail in Cit-

rix Workspace app for Mac versions 2002 and 2005. [RFMAC-4325]

2006

What’s new

Update to Citrix Analytics Service

Citrix Workspace app is instrumented to securely transmit data to Citrix Analytics Service from ICA

sessions that you launch from a browser. For more information on how Citrix Analytics uses this infor-

mation, see Self-Service for Performance and Self-service search for Virtual Apps and Desktops.

H.264 support for webcam redirection

Citrix Workspace app for Mac now supports the H.264 (also known as MPEG-4 AVC) video compression

standard. As a result, 64-bit published apps can now use webcam redirection.

Stability improvements

This release addresses issues that help to improve overall stability.

Fixed issues

• Attempts to sign in to Citrix Workspace app for Mac might fail, displaying an unrelated UI. As a

workaround, click Refresh apps on the menu to load the store. [RFMAC-4063]

Known issues

Known issues in 2112

No new issues have been observed in this release.

Known issues in 2111

No new issues have been observed in this release.

Known issues in 2109.1

No new issues have been observed in this release.

Citrix Workspace app for Mac

Known issues in 2109

• If you have configuredthe Workspace app using the .cr file, and signed in with your credentials,

the home page appears aer a delay. [RFMAC-9990]

• If a Progressive Web App (PWA) that is protectedis opened on macOS, the App Protection policies

aren’t enforced. [RFMAC-10128]

• Aer you add stores in the Workspace app and change the Current Reauthentication Period in

Reauthentication Period for Workspace App and switch from on-premises to the cloud store

aera few minutes, you are signed out of the cloud storeand an authenticationprompt appears.

Once you sign in to the Workspace app, the spinner appears indefinitely and you are unable to

Known issues in 2108.1

No new issues have been observed in this release.

Known issues in 2108

When you start a subscribed SaaS app aer changing the authentication domain in the server console,

the session does not start and the following error message appears:

“AuthDomain has changed. Please sign in again aer some time” [RFMAC-9616]

Known issues in 2107

When you change the authentication domain in the server console and sign in with your credentials,

the following error message appears:

“Cannot connect to the server”

You can access the store once you click OK. [RFMAC-9494]

Known issues in 2106

A black window appears when you share your screen. [HDX-30083]

Known issues in 2104

No new issues have been observed in this release.

Known issues in 2102

No new issues have been observed in this release.

Citrix Workspace app for Mac

Known issues in 2101

• Attempts to access files under Network Shares from within Workspace app for Mac might fail

even when the option is enabled. [RFMAC-7272]

• On macOS Big Sur, attempts to launch the web SAML single sign-on app on Citrix Workspace

app for Mac might fail, displaying the following error message.

Page could not load. Please try again later or contact your administrator

for assistance. Incident ID:-202

[RFMAC-7282]

Known issues in 2012

• When you start a video call, Microso Teams might become unresponsive, displaying a Citrix

HDX not connected error. As a workaround, restart Microso Teams or the VDA. [RFMAC-

6727]

• Video calls on Microso Skype for Business are not supported on macOS Big Sur (11.0.1).

• On macOS Big Sur (11.0.1), attempts to connect USB devices might fail, causing the session to

exit unexpectedly. As a workaround, reconnect the USB device. [RFMAC-7079]

Known issues in 2010

• On Skype for Business, incoming video is not visible on macOS Big Sur (11.0.1).

• When using Citrix Workspace app for Mac 2008 or later, attempts to launch multiple instances

of a published application might fail. [CVADHELP-16019]

• Attempts to launch Generic USB redirection might fail when you use a USB docking station.

[RFMAC-6687]

• When using a MacBook Pro 2018 and later and FaceTime, users might see a green, black, or a

distorted rectangular bar at the bottom of the video preview. [RFMAC-2829]

Known issues in 2009

• Only third-party applications such as Microso PowerPoint can be shared when you use screen

sharing in Microso Teams on Citrix Workspace app for Mac. However, incoming screen sharing

is fully supported. [RFMAC-3403]

• When using Citrix Workspace app for Mac on macOS Big Sur Beta, audio calls might disconnect.

The issue occurs when you disconnect audio devices and connect dierent audio devices during

an audio call. [RFMAC-6112]

Citrix Workspace app for Mac

• HDX RealTime Connector engine might exit unexpectedly when you switch camera devices on

an optimized video call in Microso Teams. [RFMAC-6157]

• Audio and video calls might disconnect when you switch networks in Microso Teams. [RFMAC-

6292]

• In a cloud deployment, published desktops might launch with a mismatch in background color.

The issue occurs intermittently on some macOS Big Sur Beta versions. [RFMAC-6343]

• The installer icon for Citrix Workspace app for Mac might be missing when you open the Citrix-

WorkspaceApp.dmg file. The issue occursintermittently on some macOS Big Sur Betaversions.

[RFMAC-6378]

• HDX RealTime Connector engine might exit unexpectedly when you turn the camera on and o

in Microso Teams. [RFMAC-6293]

Known issues in 2008

No new issues have been observed in this release.

Known issues in 2007

No new issues have been observed in this release.

Known issues in 2006

No new issues have been observed in this release.

Third-party notices

Citrix Workspace app might include third-party soware licensed under the terms defined in the fol-

lowing document:

Citrix Workspace app for Mac Third-Party Notices

System requirements and compatibility

February 7, 2022

Supported operating systems

Citrix Workspace app for Mac supports the following operating systems:

• macOS Monterey (12.0.1)

Citrix Workspace app for Mac

• macOS Big Sur 11 (including minor and patch versions)

• macOS Catalina (10.15)

Compatible Citrix products

Citrix Workspace app for Mac is compatible with all currently supported versions of the following Citrix

products. For information about the Citrix product lifecycle, and to find out when Citrix stops support-

ing specific versions of products, see the Citrix Product Lifecycle Matrix.

Compatible browsers

Citrix Workspace app for Mac is compatible with the following browsers:

• Safari 7.0 and later

• Mozilla Firefox 22.x and later

• Google Chrome 28.x and later

Hardware requirements

• 257.7 MB of free disk space

• A working network or Internet connection to connect to servers

Soware requirements

• To deploy Citrix Workspace app for Mac:

– Citrix Workspace for Web 2.1, 2.5 and 2.6

• StoreFront:

StoreFront 2.x or later to access apps natively from Citrix Workspace app for Mac or from a web

browser.

Connections, Certificates, and Authentication

Connections

Citrix Workspace app for Mac supports the following connections to Citrix Virtual Apps and Desktops:

• HTTPS

• ICA-over-TLS

Citrix Workspace app for Mac supports the following configurations:

Citrix Workspace app for Mac

For LAN connections For secure remote or local connections

StoreFront using StoreFront services or Citrix

Receiver for website;

Citrix Gateway 10.5–12.0, including VPX;

Enterprise Edition 9.x-10.x, including VPX; VPX

Certificates

Private (Self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate for the organization’s

certificate authority must be installed on the user device. Then, you can successfully access Citrix

resources using Citrix Workspace app for Mac.

Note:

When the remote gateway’s certificate can’t be verified upon connection, an untrusted certificate

warning appears, as the root certificate isn’t included in the local keystore. When a user chooses

to continue through the warning, a list of applications is displayed. However, applications fail to

launch.

Importing root certificates on Citrix Workspace app for Mac devices

Obtain the certificate issuer’s root certificate and email it to an account configured on your device.

When clicking the attachment, you are asked to import the root certificate.

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same

domain. Citrix Workspace app for Mac supports wildcard certificates.

Intermediate certificates with Citrix Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be

mapped to the Citrix Gateway server certificate. For information on this task, see Citrix Gateway

documentation. For more information about installing, linking, and updating certificates, see How

to Install and Link Intermediate Certificate with Primary CA on Citrix Gateway.

Joint Server Certificate Validation Policy

Citrix Workspace app for Mac has a stricter validation policy for server certificates.

Citrix Workspace app for Mac

Important

Before installing this version of Citrix Workspace app for Mac, confirm that the server or gateway

certificates are correctly configured as described here. Connections can fail if:

• the server or gateway configuration includes a wrong root certificate

• the server or gateway configuration does not include all intermediate certificates

• the server or gateway configuration includes an expired or otherwise invalid intermediate

certificate

• the server or gateway configuration includes a cross-signed intermediate certificate

When validating a server certificate, Citrix Workspace app for Mac now uses all the certificates sup-

plied by the server (or gateway) when validating the server certificate. As in previous Citrix Workspace

app for Mac releases, it then also checks that the certificates are trusted. If the certificates are not all

trusted, the connection fails.

This policy is stricter than the certificate policy in web browsers. Many web browsers include a large

set of root certificates that they trust.

The server (or gateway) must be configured with the correct set of certificates. An incorrect set of

certificates might cause Citrix Workspace app for Mac’s connection to fail.

Suppose that a gateway is configured with these validcertificates. This configuration is recommended

for customers who require stricter validation, by determining exactly which root certificate is used by

Citrix Workspace app for Mac:

• “Example Server Certificate”

• “Example Intermediate Certificate”

• “Example Root Certificate”

Then, Citrix Workspace app for Mac checks that all these certificates are valid. Citrix Workspace app

for Mac also checks that it already trusts “Example Root Certificate”. If Citrix Workspace app for Mac

does not trust “Example Root Certificate,” the connection fails.

Important

Some certificate authorities have more than one root certificate. If you require this stricter vali-

dation, ensure that your configuration uses the appropriate root certificate. For example, there

are currently two certificates (“DigiCert”/”GTE CyberTrust Global Root,” and “DigiCert Baltimore

Root”/”Baltimore CyberTrust Root”) that can validate the same server certificates. On some user

devices, both root certificates are available. On other devices, only one is available (“DigiCert

Baltimore Root”/”Baltimore CyberTrust Root”). If you configure “GTE CyberTrust Global Root” at

the gateway, Citrix Workspace app for Mac connections on those user devices fail. Consult the

certificate authority’s documentation to determine which root certificate must be used. Root

certificates eventually expire, as do all certificates.

Citrix Workspace app for Mac

Note

Some servers and gateways never send the root certificate, even if configured. Stricter validation

is then not possible.

Now suppose that a gateway is configured with these valid certificates. This configuration, omitting

the root certificate, is normally recommended:

• “Example Server Certificate”

• “Example Intermediate Certificate”

Then, Citrix Workspace app for Mac uses these two certificates. It then searches for a root certificate

on the user device. If it finds a trusted certificate that validates correctly, such as “Example Root Cer-

tificate”, the connection succeeds. Otherwise, the connection fails. This configuration supplies the

intermediate certificate that Citrix Workspace app for Mac needs, but also allows Citrix Workspace

app for Mac to choose any valid, trusted, root certificate.

Now suppose that a gateway is configured with these certificates:

• “Example Server Certificate”

• “Example Intermediate Certificate”

• “Wrong Root Certificate”

A web browser might ignore the wrong root certificate. However, Citrix Workspace app for Mac does

not ignore the wrong root certificate, and the connection fails.

Some certificate authorities use more than one intermediate certificate. In this case, the gateway is

normally configured with all the intermediate certificates (but not the root certificate) such as:

• “Example Server Certificate”

• “Example Intermediate Certificate 1”

• “Example Intermediate Certificate 2”

Important

Some certificate authorities use a cross-signed intermediate certificate, intended for situations

when there is more than one root certificate. An earlier root certificate is still in use at the same

time as a later root certificate. In this case, there are at least two intermediate certificates. For

example, the earlier root certificate “Class 3 Public Primary Certification Authority” has the cor-

responding cross-signed intermediate certificate “Verisign Class 3 Public Primary Certification

Authority - G5.” However, a corresponding later root certificate “Verisign Class 3 Public Primary

Certification Authority - G5” is also available, which replaces “Class 3 Public Primary Certification

Authority.” The later root certificate does not use a cross-signed intermediate certificate.

Note

The cross-signed intermediate certificate and the root certificate have the same Subject name

Citrix Workspace app for Mac

(Issued To), but the cross-signed intermediate certificate has a dierent Issuer name (Issued By).

This distinguishes the cross-signed intermediate certificate from an ordinary intermediate cer-

tificate (such “Example Intermediate Certificate 2”).

This configuration, omitting the root certificate and the cross-signed intermediate certificate, is nor-

mally recommended:

• “Example Server Certificate”

• “Example Intermediate Certificate”

Avoid configuring the gateway to use the cross-signed intermediate certificate, as it selects the earlier

root certificate:

• “Example Server Certificate”

• “Example Intermediate Certificate”

• “Example Cross-signed Intermediate Certificate” [not recommended]

It is not recommended to configure the gateway with only the server certificate:

• “Example Server Certificate”

In this case, if Citrix Workspace app for Mac cannot locate all the intermediate certificates, the connec-

tion fails.

Authentication

For connections to StoreFront, Citrix Workspace app for Mac supports the following authentication

methods:

Workspace

for Web using

browsers

StoreFront

Services site

(native)

StoreFront

XenApp

Services site

(native)

Citrix

Gateway to

Workspace

for Web

(browser)

Citrix

Gateway to

StoreFront

Services site

(native)

Anonymous Yes Yes

Domain

Yes

Yes*

Domain

pass-through

Security

token

Yes* Yes*

Citrix Workspace app for Mac

Workspace

for Web using

browsers

StoreFront

Services site

(native)

StoreFront

XenApp

Services site

(native)

Citrix

Gateway to

Workspace

for Web

(browser)

Citrix

Gateway to

StoreFront

Services site

(native)

Two-factor

authentica-

tion (domain

with security

token)

Yes* Yes*

SMS Yes* Yes*

Smart card Yes Yes Yes* Yes

User

certificate

Yes Yes (Citrix

Gateway

Plug-in)

*Available only for deployments that include Citrix Gateway, with or without installing the associated

plug-in on the device.

Install, Uninstall, and Upgrade

February 7, 2022

Citrix Workspace app for Mac contains a single installation package and supports remote access

through Citrix Gateway, and Secure Web Gateway.

You can install Citrix Workspace app for Mac in any of the following ways:

• From the Citrix website

• Automatically from Workspace for Web

• Using an Electronic Soware Distribution (ESD) tool.

Manual install

By a user from Citrix.com

As a first-time user, you can download Citrix Workspace app for Mac from Citrix.com or your own down-

load site. You can then set up an account by entering an email address instead of a server URL. Citrix

Citrix Workspace app for Mac

Workspace app for Mac determines the Citrix Gateway or StoreFront server associated with the email

address. Then it prompts the user to log on and continue the installation. This feature is referred to

as email-based account discovery.

Note:

A first-time user is a user who does not have Citrix Workspace app for Mac installed on their user

device.

Email-based account discovery for a first-time user does not apply if you have downloaded from a

location other than Citrix.com (such as a Citrix Receiver for website).

If your site requires the configuration of Citrix Workspace app for Mac, use an alternate deployment

method.

Using an Electronic Soware Distribution (ESD) tool

A first-time Citrix Workspace app for Mac user must enter a server URL to set up an account.

From Citrix Downloads page

You can install Citrix Workspace app for Mac from a network share, or directly on to the user device.

You can install the app by downloading the file from the Citrix website at Downloads.

To install Citrix Workspace app for Mac:

1. Download the .dmg file for the version of Citrix Workspace app for Mac you want to install from

the Citrix website.

2. Open the downloaded file.

3. On the Introduction page, click Continue.

4. On the License page, click Continue.

5. Click Agree to accept the terms of the License Agreement.

6. On the Installation Type page, click Install.

7. On the Add Account page, select Add Account and then click Continue.

8. Enter the user name and password of an administrator on the local device.

Uninstall

You can uninstall Citrix Workspace app for Mac manually by opening the .dmg file. Select Uninstall

Citrix Workspace App and follow the on-screen instructions. The .dmg file is the file that is down-

loaded from Citrix when installing Citrix Workspace app for Mac for the first time. If the file is no longer

on your computer, download the file again from Citrix Downloads to uninstall the application.

Citrix Workspace app for Mac

Upgrade

Citrix Workspace app for Mac sends you notifications when there is an update available for an existing

version or an upgrade to a newer version.

You can upgrade Citrix Workspace app for Mac from any of the previous versions of Citrix Workspace

app for Mac.

When you upgrade to a newer version of Citrix Workspace app for Mac, the previous version is unin-

stalled automatically. You don’t need to restart your machine.

Update

February 15, 2022

Manual update

To manually update the Citrix Workspace app for Mac, download and install the latest version of the

app from the Citrix Downloads page.

Automatic update

When a new version of the Citrix Workspace app releases, Citrix pushes the update on the system that

has the Citrix Workspace app installed. You are notified of the available update.

Note:

• If you’ve configured an SSL intercepting outbound proxy, add an exception to the

Workspace auto-update signature service https://citrixupdates.cloud.com/ and

the download location https://downloadplugins.citrix.com/ to receive updates

from Citrix.

• Your system must have an internet connection to receive updates.

• Workspace for web users cannot download the StoreFront policy automatically.

• Citrix HDX RTME for macOS is included in Citrix Workspace Updates. You are notified of the

available HDX RTME update on the Citrix Workspace app.

• Starting with Version 2111, Citrix Workspace updates log paths are modified. The Workspace

updates logs are present at /Library/Logs/Citrix Workspace Updater. For infor-

mation about collecting logs, see Log collection section.

Citrix Workspace app for Mac

Installing Citrix Workspace app Beta program

You receive an updatenotification when the Citrix Workspace app is configured for automatic updates.

To install the Beta build on your system, perform the following steps:

1. Open Citrix Workspace app.

2. Right-click on Citrix Workspace in the toolbar and click Preferences > Advanced.

3. Select Beta from the drop-down list, when the Beta build is available.

To switch from a Beta build to a Release build, perform the following steps:

1. Open Citrix Workspace app.

2. Right-click on Citrix Workspace in the toolbar and click Preferences > Advanced.

3. Select Release from the Select the update channel drop-down list.

Citrix Workspace app for Mac

Note:

Beta builds are available for customers to test in their non-production or limited production en-

vironments, and to share feedback. Citrix does not accept support cases for beta builds but wel-

comes feedback for improving them. Citrix might or might not act on feedback based on its sever-

ity, criticality, and importance. It is advised that you do not deploy Beta builds in production

environments.

Advanced configuration for automatic updates (Citrix Workspace Updates)

You can configure Citrix Workspace updates using the following methods:

1. GUI

2. StoreFront

Configure Citrix Workspace updates using the GUI

Individual users can override the Citrix Workspace updates setting using the Advanced preferences

dialog, which is a per-user configuration and the settings apply only to the current user. To configure

the update using the GUI, perform the following steps:

1. Select the Citrix Workspace app helper icon on your Mac.

2. From the drop-down list, select Preferences > Advanced.

3. Select the update notification preference and close the window.

Citrix Workspace app for Mac

Configure Citrix Workspace updates using StoreFront

1. Use a text editor to open the web.config file, which is typically in the C:\inetpub\wwwroot

\Citrix\Roaming directory.

2. Locate the user account element in the file (Store is the account name of your deployment).

For example: <account id=... name=”Store”>

Before the </account> tag, navigate to the properties of that user account:

1 <properties>

2 <clear/>

3 </properties>

4

3. Add the auto-update tag aer <clear /> tag.

1 <account>

3 <clear />

5 <account id=”d1197d2c-ac82-4f13-9346-2ee14d4b0202” name=”

F84Store”

7 description=”” published=”true” updaterType=”Citrix”

remoteAccessType=”None”>

Citrix Workspace app for Mac

9 <annotatedServices>

11 <clear />

13 <annotatedServiceRecord serviceRef=”1__Citrix_F84Store”>

15 <metadata>

17 <plugins>

19 <clear />

21 </plugins>

23 <trustSettings>

25 <clear />

27 </trustSettings>

29 <properties>

31 <property name=”Auto-Update-Check” value=”auto” />

33 <property name=”Auto-Update-DeferUpdate-Count” value

=”1” />

35 <property name=”Auto-Update-Rollout-Priority” value=

”fast” />

37 </properties>

39 </metadata>

41 </annotatedServiceRecord>

43 </annotatedServices>

45 <metadata>

47 <plugins>

49 <clear />

51 </plugins>

Citrix Workspace app for Mac

53 <trustSettings>

55 <clear />

57 </trustSettings>

59 <properties>

61 <clear />

63 </properties>

65 </metadata>

67 </account>

69

The meaning of the properties and their possible values are detailed as follows:

• Auto-update-Check: Indicates that Citrix Workspace app detects an update automatically

when available.

• Auto-update-Rollout-Priority: Indicates the delivery period in which you can receive the up-

date.

• Auto-update-DeferUpdate-Count: Indicates the number of times that you can defer the noti-

fications for the release updates.

Log collection

Log collection simplifies the process of collecting logs for Citrix Workspace app. The logs help Citrix

to troubleshoot, and, in cases of complicated issues, provide support.

You can collect logs using the GUI.

Collecting logs:

1. Open Citrix Workspace app.

2. Right-click on Citrix Workspace in the toolbar and click Preferences > Advanced.

3. Select Logging.

Citrix Workspace app for Mac

4. Select one of the following session log levels:

• Disabled (Default): Minimum logs are collected for basic troubleshooting.

• Connection Diagnostics: Identifies errors while connecting. All logging is enabled up until

the point when the session is deemed successful.

• Full: Captures everything including the connection diagnostics. Once enabled, the Citrix

Workspace app will store up to 10 session logs aer which they are deleted starting with

the oldest to maintain 10 logs.

Note:

Selecting the Full logging option can impact performance and must be used only while

troubleshooting an issue because of the amount of data. Do not enable full logging during

normal use. Enabling this level of logging triggers a warning dialog that must be acknowl-

edged for you to continue.

5. Select one of the following store log levels:

• Disabled (Default): Minimum logs are collected for basic troubleshooting.

• Normal: Only store communication logs are collected.

• Verbose: Detailed authentication and store communication logs are collected.

6. Click Email Log Files to collect and share logs as a .zip file.

Configure

February 21, 2022

Aer the Citrix Workspace app for Mac soware is installed, the following configuration steps allow

users to access their hosted applications and desktops.

Citrix Workspace app for Mac

Users might connect from the Internet or from remote locations. For those users, configure the au-

thentication through Citrix Gateway.

Administrator tasks and considerations

This article discusses the tasks and considerations that are relevant for administrators of Citrix

Workspace app for Mac.

Important:

If you are running macOS 10.15, ensure that your system is compliant with Apple’s require-

ments for trusted certificates in macOS 10.15. Perform this check before you upgrade to Citrix

Workspace app for Mac version 2106.

Feature flag management

If an issue occurs with Citrix Workspace app in production, we can disable an aected feature dynam-

ically in Citrix Workspace app even aer the feature is shipped. To do so, we use feature flags and a

third-party service called LaunchDarkly.

You do not need to make any configurations to enable traic to LaunchDarkly, except when you have a

firewall or proxy blocking outbound traic. In that case, you enable traic to LaunchDarkly via specific

URLs or IP addresses, depending on your policy requirements.

You can enable traic and communication to LaunchDarkly in the following ways:

Enable traic to the following URLs

• events.launchdarkly.com

• stream.launchdarkly.com

• clientstream.launchdarkly.com

• Firehose.launchdarkly.com

• mobile.launchdarkly.com

List IP addresses in an allow list

If you must list IP addresses in an allow list, for a list of all current IP address ranges, see LaunchDarkly

public IP list. You can use this list to ensure that your firewall configurationsare updated automatically

in keeping with the infrastructure updates. For details about the status of the infrastructure changes,

see the LaunchDarkly Statuspage page.

Citrix Workspace app for Mac

LaunchDarkly system requirements

Ensure that the apps can communicate with the following services if you have split tunneling on Citrix

ADC set to OFF for the following services:

• LaunchDarkly service.

• APNs listener service

Content Collaboration Service integration

Citrix Content Collaboration enables you to easily and securely exchangedocuments, send large docu-

ments by email, securely handle document transfers to third parties, and access a collaboration space.

Citrix Content Collaboration provides many ways to work, including a web-based interface, mobile

clients, desktop apps, and integration with Microso Outlook and Gmail.

You can access Citrix Content Collaboration functionality from the Citrix Workspace app using the

Files tab displayed within Citrix Workspace app. You can view the Files tab only if Content Collabora-

tion Service is enabled in the Workspace configuration in the Citrix Cloud console.

Note:

Windows Server 2012 and Windows Server 2016 don’t support Citrix Content Collaboration inte-

gration due to a security option set in the operating system.

The following image displays the example contents of the Files tab of the new Citrix Workspace app:

Citrix Workspace app for Mac

Limitations

• Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log o.

• Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log o.

USB redirection

HDX USB device redirection enables redirection of USB devices to and from a user device. A user can

connect a flash drive to a local computer and access it remotely from a virtual desktop or a desktop

hosted application.

During a session, users can plug and play devices, including Picture Transfer Protocol (PTP) devices.

For example:

• Digital cameras, Media Transfer Protocol (MTP) devices such as digital audio players or portable

media players

Citrix Workspace app for Mac

• Point-of-sale (POS) devices, and other devices such as 3D Space Mice, Scanners, Signature Pads

and so on.

Note:

Double-hop USB is not supported for desktop hosted application sessions.

USB redirection is available for the following:

• Windows

• Linux

• Mac

By default, USB redirection is allowed for certain classes of USB devices, and denied for others. To

restrict the types of USB devices made available to a virtual desktop, update the list of USB devices

supported for redirection. More information is provided later in this section.

Tip

Where security separation between the user device and server is needed, ensure that you inform

users about the types of USB devices to avoid.

Optimized virtual channels are available to redirect most popular USB devices, and provide superior

performance and bandwidth eiciency over a WAN. Optimized virtual channels are usually the best

option, especially in high latency environments.

Note:

For USB redirection purposes, Citrix Workspace app for Mac handles a SMART board the same as

a mouse.

The product supports optimized virtual channels with USB 3.0 devices and USB 3.0 ports. For exam-

ple, a CDM virtual channel is used to view files on a camera or to provide audio to a headset. The

product also supports Generic USB Redirection of USB 3.0 devices connected to a USB 2.0 port.

Some advanced device-specific features, such as Human Interface Device (HID) buttons on a webcam,

might not work as expected with the optimized virtual channel. Use the Generic USB virtual channel

as an alternative.

Certain devices are not redirected by default, and are only available to the local session. For example,

it would not be appropriate to redirect a NIC that is directly attached via internal USB.

To use USB redirection:

1. Connect the USB device to the device where Citrix Workspace app for Mac is installed.

2. You are prompted to select the available USB devices on your local system.

Citrix Workspace app for Mac

3. Select the device you want to connect and click Connect. If the connection fails, an error mes-

sage appears.

4. In the Preferences window Devices tab, the connected USB device is listed in the USB panel:

Citrix Workspace app for Mac

5. Select the type of virtual channel (Generic or Optimized) for the USB device.

6. A message is displayed. Click to connect the USB device to your session:

Citrix Workspace app for Mac

Use and remove USB devices

Users can connect a USB device before or aer starting a virtual session. When using Citrix Workspace

app for Mac, the following apply:

• Devices connected aer a session starts immediately appear in the USB menu of the Desktop

Viewer.

• If a USB device is not redirecting properly, sometimes you can resolve the problem by waiting

to connect the device until aer the virtual session has started.

• To avoid data loss, use the Windows Safe removal menu before removing the USB device.

Supported USB devices

With Apple announcing the deprecation of Kernel Extensions (KEXT), Citrix Workspace app for Mac

migrated to the new user mode USB framework IOUSBHost provided by Apple. This article lists the

supported USB devices.

USB devices that are compatible with USB redirection

The following USB devices work seamlessly with USB redirection:

• 3DConnexion SpaceMouse

• Mass Storage Devices

• Kingston DataTraveler USB Flash Drive

• Seagate external HDD

• Kingston/Transcend Flash drive 32 GB/64 GB

• NIST PIV smartcard /reader

• YubiKey

USB devices that fail with USB redirection

The following device is not compatible with USB redirection:

• Transcend SSD external Hard disk

Unverified USB Devices

There are plenty of devices, unverified by Citrix, for successful USB redirection with Citrix Workspace

app for Mac. Here are some of these devices:

• Other Hard Disks

• Special Keys on the keyboard and headsets that use custom HID protocol

Citrix Workspace app for Mac

Support for Mass Storage devices

We have seen that not all types of Mass Storage devices can be redirected successfully. For the devices

which fail to redirect, there is an optimized virtual channel called Client Drive mapping. Using the

Client Drive mapping, access to the mass storage devices can be controlled through the policies on

the delivery controller.

Support for Isochronous devices

Generic USB redirection doesn’t support Isochronous class of USB devices in Citrix Workspace app

for Mac. Isochronous mode of data transfer in a USB specification indicates devices that stream the

timestamped data at a constant rate. For example: WebCams, USB Headphones, and so on

Support for Composite devices

A USB composite device is a single gadget that can perform more than one function. For example:

multi-function printers, iPhone, and so on. Currently, Citrix Workspace app for Mac does not support

redirection of composite devices to the Citrix Virtual Apps and Desktops session.

Alternatives for unsupported USB devices

There are optimized virtual channels that can handle devices that are not supported with generic USB

redirection. These virtual channels are optimized for speed when compared to generic USB redirec-

tion. Some examples are as follows:

• Webcam redirection: Optimized for raw webcam traic. Microso Teams Optimization Pack

has its own method of webcam redirection. Hence, it does not fall under the Webcam redirec-

tion virtual channel.

• Audio redirection: Optimized to transfer Audio streams.

• Client Drive Mapping: Optimized for redirecting mass storage devices to the Citrix Virtual Apps

and Desktops session. For example: Flash Drives, Hard Disks, DVD ROM/RW, and so on.

Enlightened Data Transport (EDT)

By default, EDT is enabled in Citrix Workspace app for Mac.

Citrix Workspace app for Mac reads the EDT settings as set in the default.ica file and applies it accord-

ingly.

To disable EDT, run the following command in a terminal:

defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO

Citrix Workspace app for Mac

Session reliability and auto client reconnect

Session reliability keeps sessions active and on the user’s screen when network connectivity is inter-

rupted. Users continue to see the application that they are using until network connectivity resumes.

With session reliability, the session remains active on the server. To indicate that connectivity is lost,

the user’s display freezes until connectivity resumes on the other side of the tunnel. Session reliability

reconnects users without reauthentication prompts.

Important

• Citrix Workspace app for Mac users cannot override the server setting.

• With Session reliability enabled, the default port used for session communication switches

from 1494 to 2598.

You can use session reliability with Transport Layer Security (TLS).

Note

TLS encrypts only the data sent between the user device and Citrix Gateway.

Using session reliability policies

The session reliability connections policy setting allows or prevents session reliability.

The session reliability timeout policy setting has a default of 180 seconds, or three minutes. Though

you can extend the time the session reliability keeps a session open, this feature is convenient to the

user. Therefore, it does not prompt the user for reauthentication.

Tip

Extending session reliability timeouts might cause a user to get distracted and walk away from

the device, leaving the session accessible to unauthorized users.

By default, incoming session reliability connections use port 2598, unless you change the port number

in the session reliability port number policy setting.

You can configure the Auto client reconnect authentication policy setting to prompt users to reau-

thenticate when reconnecting to interrupted sessions.

If you use both session reliability and auto client reconnect, the two features work in sequence. Ses-

sion reliability closes, or disconnects, the user session aer the amount of time you specify in the

Session reliability timeout policy setting. Aer that, the auto client reconnect policy settings take

eect, attempting to reconnect the user to the disconnected session.

Note

Session reliability is enabled by default at the server. To disable this feature, configure the policy

Citrix Workspace app for Mac

managed by the server.

Configuring session reliability from Citrix Studio

By default, session reliability is enabled.

To disable session reliability:

1. Launch Citrix Studio.

2. Open the

Session Reliability connections

policy.

3. Set the policy to Prohibited.

Configuring session reliability timeout

By default, the session reliability timeout is set to 180 seconds.

Note:

Session reliability timeout policy can be configured only with XenApp and XenDesktop 7.11 and

later.

To modify session reliability timeout:

Citrix Workspace app for Mac

1. Launch Citrix Studio.

2. Open the Session reliability timeout policy.

3. Edit the timeout value.

4. Click OK.

Configuring auto client reconnection using Citrix Studio

By default, auto client reconnection is enabled.

To disable auto client reconnection:

1. Launch Citrix Studio.

2. Open the Auto client reconnect policy.

3. Set the policy to Prohibited.

Configuring Auto client reconnection timeout

By default, the Auto client reconnection timeout is set to 120 seconds.

Citrix Workspace app for Mac

Note:

Auto client reconnect timeout policy can be configured only with XenApp and XenDesktop 7.11

and later.

To modify auto client, reconnect timeout:

1. Launch Citrix Studio.

2. Open the Auto client reconnect policy.

3. Edit the timeout value.

4. Click OK.

Limitations:

On a Terminal Server VDA, Citrix Workspace app for Mac uses 120 seconds as timeout value irre-

spective of the user settings.

Configuring the Reconnect user interface Transparency

The Session User Interface is displayed during a session reliability and auto client reconnect attempts.

The Transparency level of the user interface can be modified using Studio policy.

By default, Reconnect UI Transparency is set to 80%.

To modify Reconnect user interface Transparency level:

1. Launch Citrix Studio.

2. Open the Reconnect UI Transparency level policy.

3. Edit the value.

4. Click OK.

Auto client reconnect and session reliability interaction

There are mobility challenges associated with switching between various access points, network dis-

ruptions, and display timeouts related to latency. These create challenging environments when try-

ing to maintain link integrity for active Citrix Workspace app for Mac sessions. Citrix enhanced session

reliability and auto reconnection technologies resolve this issue.

This feature, allows users to reconnect to sessions automatically aer recovery from network disrup-

tions. These features, enabled by policies in Citrix Studio, can be used to improve the user experience.

Note:

Auto client reconnection and session reliability timeout values can be modified using the de-

fault.ica file in StoreFront.

Citrix Workspace app for Mac

Auto client reconnection

Auto client reconnection can be enabled or disabled using Citrix Studio policies. By default, this fea-

ture is enabled. For information about modifying this policy, see the auto client reconnection section

earlier in this article.

Use the default.ica file in StoreFront to modify the connection timeout for AutoClienreconnect. By

default, this timeout is set to 120 seconds (or two minutes).

Setting Example Default

TransportReconnectRetryMaxTSecondsTransportReconnectRetryMaxTSeconds=60120

Session reliability

Session reliability can be enabled or disabled using Citrix Studio policies. By default, this feature is

enabled.

Use the default.ica file in StoreFront to modify the connection timeout for session reliability. By de-

fault, this timeout is set to 180 seconds (or three minutes).

Setting Example Default

SessionReliabilityTTL SessionReliabilityTTL=120 180

How auto client reconnection and session reliability work

When auto client reconnection and session reliability are enabled for a Citrix Workspace app for Mac,

consider the following:

• A session window is grayed out when a reconnection is in progress. A countdown timer displays

the amount of time remaining before the session is reconnected. Once a session is timed out,

it is disconnected.

By default, the reconnect countdown notification starts at 5 minutes. This timer value represents the

combined default values for each of the timers (auto client reconnection and session reliability), 2 and

3 minutes respectively. The following image illustrates the countdown notification which appears in

the upper right portion of the session interface:

Citrix Workspace app for Mac

Tip

You can alter the grayscale brightness used for an inactive session using a command prompt.

For example, defaults write com.citrix.receiver.nomas NetDisruptBrightness 80. By default, this

value is set to 80. The maximum value cannot exceed 100 (indicates a transparent window) and

the minimum value can be set to 0 (a fully blacked out screen).

• Users are notified when a session successfully reconnects (or when a session is disconnected).

This notification appears in the upper right portion of the session interface:

Citrix Workspace app for Mac

• A session window which is under auto client reconnect and session reliability control provides

an informational message indicating the state of the session connection. Click Cancel Recon-

nection to move back to an active session.

Customer Experience Improvement Program (CEIP)

Data Collected Description What we Use it for

Configuration and usage data The Citrix Customer

Experience Improvement

Program (CEIP) gathers

configuration and usage data

from Workspace app for Mac

and automatically sends the

data to Citrix and Google

Analytics.

This data helps Citrix improve

the quality, reliability, and

performance of Workspace

app.

Additional Information

Citrix handles your data in accordance with the terms of your contract with Citrix. Your data is pro-

tected, according to Citrix Services Security Exhibit available at the Citrix Trust Center.

Citrix uses Google Analytics to collect certain data from Citrix Workspace app as part of CEIP. Review

Citrix Workspace app for Mac

how Google handles data collected for Google Analytics.

To disable sending CEIP data to Citrix and Google Analytics, perform the following steps:

1. In the Preferences window, select Security and Privacy.

2. Select the Privacy tab.

3. Select No, Thanks to disable CEIP or to forego participation.

4. Click OK.

Alternatively, you can disable CEIP by running the terminal command:

defaults write com.citrix.receiver.nomas ”CEIPEnabled”-bool NO

The specific data elements collected by Google Analytics are:

Operating System Version Session Launch Generic USB Redirection

Usage

Citrix Workspace app for Mac

Application delivery

When delivering applications with Citrix Virtual Apps and Desktops, consider the following options to

enhance the experience for your users when they access their applications:

Web access mode

Without any configuration, Citrix Workspace app for Mac provides web access mode: browser-based

access to applications and desktops. Users simply open a browser to a Workspace for Web and select

and use the applications that they want. In web access mode, no app shortcuts are placed in the App

Folder on your user’s device.

Self-service mode

Add a StoreFront account to Citrix Workspace app for Mac or configure Citrix Workspace app for Mac to

point to a StoreFront site. Then, you can configure self-service mode, which enables your users to sub-

scribe to applications through Citrix Workspace app for Mac. This enhanced user experience is similar

to that of a mobile app store. In self-service mode you can configure mandatory, auto-provisioned,

and featured app keyword settings as needed. When one of your users selects an application, a short-

cut to that application is placed in the App Folder on the user device.

When they access a StoreFront 3.0 site, your users see the Citrix Workspace app for Mac preview.

When publishing applications on your Citrix Virtual Apps farms, you can enhance the experience for

users accessing those applications through StoreFront stores. Ensure that you include meaningful de-

scriptions for the published apps. The descriptions are visible to your users through Citrix Workspace

app for Mac.

Configure self-service mode

As mentioned previously, you can add a StoreFront account to Citrix Workspace app for Mac or config-

ure Citrix Workspace app for Mac to point to a StoreFront site. Thus, you can configure the self-service

mode, which allows users to subscribe to applications from the Citrix Workspace app for Mac user

interface. This enhanced user experience is similar to that of a mobile app store.

In self-service mode, you can configure mandatory, auto-provisioned, and featured app keyword set-

tings as needed.

• Automatically subscribe all users of a store to an app by appending the string **KEYWORDS:

Auto** to the description, while publishing the app in Citrix Virtual Apps. When users log in to

the store, the app is automatically provisioned without the need for manual subscription to the

app.

Citrix Workspace app for Mac

• Advertise applications to users or make commonly used applications easier to find by listing

them in the Citrix Workspace app for Mac Featured list. To list apps in the Mac Featured list,

append the string **KEYWORDS:Featured** to the app description.

For more information, see the StoreFront documentation.

Citrix Workspace Updates

Configuring using the GUI

An individual user can override the Citrix Workspace Updates setting using the Preferences dialog.

This process is a per-user configuration and the settings apply only to the current user.

1. Go to the Preferences dialog in Citrix Workspace app for Mac.

2. In the Advanced pane, click Updates. The Citrix Workspace Updates dialog appears.

3. Select one of the following options:

• Yes, notify me

• No, don’t notify me

• Use administrator specified settings

4. Close the dialog box to save the changes.

Configuring Citrix Workspace Updates using StoreFront

Administrators can configure Citrix Workspace Updates using StoreFront. Citrix Workspace app for

Mac only uses this configuration for users who have selected “Use administrator specified settings.”

To manually configure it, follow these steps.

1. Use a text editor to open the web.config file. The default location is C:\inetpub\wwwroot\

Citrix\Roaming\web.config

2. Locate the user account element in the file (Store is the account name of your deployment)

For example: <account id=… name=”Store”>

Before the </account> tag, navigate to the properties of that user account:

</properties>

3. Add the auto-update tag aer <clear /> tag.

Citrix Workspace app for Mac

auto-update-Check

The auto-update check determines that Citrix Workspace app for Mac can detect if updates are avail-

able.

Valid values:

• Auto – Is used to get notifications when updates are available.

• Manual – Is used to not get any notification when updates are available. Users must check man-

ually for updates by selecting Check for Updates.

• Disabled – Is used to disable Citrix Workspace Updates.

auto-update-DeferUpdate-Count

Determines the number of times the user is notified to upgrade before forcibly updating to the latest

version of Citrix Workspace app for Mac. By default, this value is 7.

Valid values:

• -1 – The user gets reminded later when an update is available.

• 0 – Force-updates the user to the latest version of Citrix Workspace app for Mac when the update

is available.

• Positive integer – The user is reminded these many times before being forced to update. Citrix

recommends not to set this value higher than 7.

auto-update-Rollout-Priority

Determines how quickly a device sees that an update is available.

Valid values:

• Auto – The Citrix Workspace Updates system decides when available updates roll out to users.

• Fast – Available updates roll out to users on high priority as determined by Citrix Workspace app

for Mac.

• Medium – Available updates roll out to users on medium priority as determined by Citrix

Workspace app for Mac.

• Slow – Available updates roll out to users on low priority as determined by Citrix Workspace app

for Mac.

Keyboard layout synchronization

Keyboard layout synchronization enables users to switch among preferred keyboard layouts on the

client device when using a Windows or Linux VDA. This feature is disabled by default.

To enable keyboard layout synchronization, go to Preferences > Keyboard and select “Use local key-

board layout, rather than the remote server keyboard layout.”

Citrix Workspace app for Mac

Note:

1. Using the local keyboard layout option activates the client IME (Input Method Editor). Users

working in Japanese, Chinese, or Koreancan use the server IME. They mustdisable the local

keyboard layout option by clearing the option in Preferences > Keyboard. The session will

revert to the keyboard layout provided by the remote server when they connect to the next

session.

2. The feature works in the session only when the toggle in the client is turned on and the

corresponding feature enabled on the VDA. A menu item,”Use Client Keyboard Layout,”

in Devices > Keyboard > International is added to show the enabled state.

Limitations

• Using the keyboard layouts listed in “Supported Keyboard Layouts in Mac” works while using

this feature. When you change the client keyboardlayout to a non-compatible layout, the layout

might be synced on the VDA side, but functionality cannot be confirmed.

• Remote apps that run with elevated privileges can’t be synchronized with the client keyboard

layout. To work around this issue, manually change the keyboard layout on the VDA or disable

UAC.

• When a user is working within an RDP session, it’s not possible to change the keyboard layout

using the Alt + Shift shortcuts when RDP is deployed as an app. As a workaround, users can

use the language bar in the RDP session to switch the keyboard layout.

Citrix Workspace app for Mac

Keyboard layout support for Windows VDA

Citrix Workspace app for Mac

Keyboard layout support for Linux VDA

Citrix Workspace app for Mac

The enhanced client depends on the keyboard layout synchronization feature. By default, the en-

hanced feature is enabled when the keyboard layout synchronization feature is turned on. To control

this feature alone, open the Config file in the ~/Library/Application Support/Citrix Receiver/ folder,

locate the “EnableIMEEnhancement” setting and turn the feature on or o by setting the value to

“true” or “false,” respectively.

Note:

The setting change takes eect aer restarting the session.

Language bar

You can choose to show or hide the remote language bar in an application session using the GUI. The

language bar displays the preferred input language in a session. In earlier releases, you might change

this settingusingonly the registry keys on the VDA. Starting with Citrix WorkspaceforMacversion1808,

you can change the settings using the Preferences dialog. The language bar appears in a session by

default.

Note:

This feature is available in sessions running on VDA 7.17 and later.

Configure showing or hiding the remote language bar

1. Open Preferences.

2. Click Keyboard.

3. Click or unclick Show the remote language bar for the published applications.

Note:

The setting changes take eect immediately. You can change the settings in an active session.

The remote language bar does not appear in a session if there is only one input language.

Citrix Casting

Citrix Casting is used to cast your Mac screen to nearby Citrix Ready workspace hub devices. Citrix

Workspace app for Mac supports Citrix Casting to mirror your Mac screen to workspace hub connected

monitors.

For more information, see the Citrix Ready workspace hub documentation.

Prerequisites

• Citrix Workspace app 1812 for Mac or later.

Citrix Workspace app for Mac

• Bluetooth enabled on the device for hub discovery.

• Both Citrix Ready workspace hub and Citrix Workspace app must be on the same network.

• Ensure Port 55555 isn’t blocked between the device running Citrix Workspace app and the Citrix

Ready workspace hub.

• Port 55556 is the default port for SSL connections between mobile devices and the Citrix Ready

workspace hub. You can configure a dierent SSL port on the Raspberry Pi’s settings page. If

the SSL port is blocked, users cannot establish SSL connections to the workspace hub.

• For Citrix Casting, ensure port 1494 isn’t blocked.

Enable Citrix Casting

Citrix Casting is disabled by default. To enable Citrix Casting using Citrix Workspace app for Mac:

1. Go to Preferences.

2. Select Advanced in the panel and then choose Citrix Casting.

3. Select Yes, enable casting.

A notification appears when Citrix Casting is launched and a Citrix Casting icon appears in the menu

bar.

Note:

Aer enabling, Citrix Casting launches with Citrix Workspace app for Mac automatically every

time until you disable it by selecting No, don’t enable casting in Preferences > Advanced >

Citrix Casting.

Discover workspace hub devices automatically

To connect to workspace hubs automatically:

Citrix Workspace app for Mac

1. On your Mac, sign in to Citrix Workspace app and ensure that Bluetooth is turned on. Bluetooth

is used to discover nearby workspace hubs.

2. Select the Citrix Casting icon in the menu bar. All Citrix Casting functions are operated through

this menu.

3. The Hub List submenu shows all nearby workspace hubs on the same network. Hubs are listed

in descending order by their proximity to your Mac and display their workspace hub configured

names. All automatically discovered hubs display under Nearby Hubs.

4. Choose the hub you want to connect to by selecting its name.

To cancel selection of a workspace hub during connection, select Cancel. You can also use Cancel if

the network connection is poor and connecting is taking longer than usual.

Note:

Occasionally, your chosen hub might not appear in the menu. Check the Hub List menu again af-

ter a few moments or add your hub manually. Citrix Casting receives the workspace hub’s broad-

casting periodically.

Discover workspace hub devices manually

If you cannot find the Citrix Ready workspace hub device in the Hub List menu, add the workspace

hub’s IP address to access it manually. To add a workspace hub:

1. On your Mac, sign in to Citrix Workspace app and ensure that Bluetooth is turned on. Bluetooth

is used to discover nearby workspace hubs.

2. Select the Citrix Casting icon in the menu bar.

3. Select Manage in the menu. The Manage hubs window appears.

4. Click Add new to enter the IP address of your hub.

Citrix Workspace app for Mac

5. Aer successfully adding the device, the Hub name column displays the hub’s friendly name.

Use this name to identify the hub in the Manual section of the Hub List submenu.

Note:

Currently, only Mirror mode is supported. Mirror is the only available choiceinthe Display Mode

column.

Disconnect the workspace hub device

You can disconnect your current session and exit the Citrix Ready workspace hub automatically or

manually.

• To disconnect the screen casting session automatically, close your laptop.

• To disconnect the screen casting session manually:

1. Select the Citrix Casting icon.

2. In the list of hubs, select the name of your workspace hub. The Disconnect option appears to

the right.

3. Select Disconnect to exit the hub.

Known issues

• There are small latency issues when viewing the mirrored screen. In poor network conditions,

latency might be even longer.

• When SSL is enabled in a Citrix Ready workspace hub and the hub’s certificate is not trusted, an

alert window appears. To solve the issue, add the certificate to your trusted certificate list with

the Keychain tool.

Citrix Workspace app for Mac

Client-side microphone input

Citrix Workspace app for Mac supports multiple client-side microphone inputs. Locally installed mi-

crophones can be used for:

• Live events, such as sophone calls and Web conferences.

• Hosted recording applications, such as dictation programs.

• Video and audio recordings.

Digital dictation support is available with Citrix Workspace app for Mac.

You can use microphones attached to your device by choosing one of the following options from the

Mic & Webcam

settings in

Citrix Workspace app for Mac

Preferences

• Use my microphone and webcam

• Don’t use my microphone and webcam

• Ask me each time

If you select Ask me each time, a dialog box appears each time you connect asking whether you want

to use your microphone in that session.

Windows special keys

Citrix Workspace app for Mac provides several options and easier ways to substitute special keys such

as function keys in Windows applications with Mac keys. Use the Keyboard tab to configure the op-

tions you want to use, as follows:

• “Send Control character using” lets you choose whether to send Command-character keystroke

combinations as Ctrl+character key combinations in a session. Select “Command or Control”

from the pop-up menu to send familiar Command-character or Ctrl-character keystroke combi-

nations on the Mac as Ctrl+character key combinations to the PC. If you select Control, you must

use Ctrl-character keystroke combinations.

• “Send Alt character using” lets you choose how to replicate the Alt key within a session. If you

select Command-Option, you can send Command-Option and keystroke combinations as Alt+

key combinations within a session. Alternatively, if you select Command, you can use the Com-

mand key as the Alt key.

• “Send Windows logo key using Command (right)”. Lets you send the Windows logo key to your

remote desktops and applications when you press the Command key on the right side of the

keyboard. If this option is disabled, the right Command key has the same behavior as the le

Command key according to the above two settings in the preferences panel. However, you can

still send the Windows logo key using the Keyboard menu; choose Keyboard > Send Windows

Shortcut > Start.

• “Send special keys unchanged” lets you disable the conversion of special keys. For example,

the combination Option-1 (on the numeric keypad) is equivalent to the special key F1. You can

Citrix Workspace app for Mac

change this behavior and set this special key to represent 1 (the number one on the keypad) in

the session. To do this, select the “Send special keys unchanged” check box. By default, this

check box is not selected so Option-1 is sent to the session as F1.

You send the function and other special keys to a session using the Keyboard menu.

If your keyboard includes a numeric keypad, you can also use the following keystrokes:

PC key or action Mac options

INSERT 0 (the number zero) on the numeric keypad.

Num Lock must be o; you can turn this on and

o using the Clear key; Option-Help

DELETE Decimal point on the numeric keypad. Num

Lock must be o; you can turn this on and o

using the Clear key; Clear

F1 to F9 Option-1 to -9 (the numbers one to nine) on the

numeric keypad

F10 Option-0 (the number zero) on the numeric

keypad

F11 Option-Minus Sign on the numeric keypad

F12

Option-Plus Sign on the numeric keypad

Windows shortcuts and key combinations

Remote sessions recognize most Mac keyboard combinations for text input, such as Option-G to input

remote application or desktop. The Mac operating system interprets them. This can result in keys

triggering Mac responses instead.

You might also want to use certain Windows keys, such as Insert, that many Mac keyboards do not

have. Similarly, some Windows 8 keyboard shortcuts display charms and app commands, and snap

and switch apps. Mac keyboards do not mimic these shortcuts. However, these can be sent to the

remote desktop or application using the Keyboard menu.

Keyboards and the ways keys are configured can dier widely between machines. Citrix Workspace

app for Mac therefore oers several choices to ensure that keystrokes can be forwarded correctly to

hosted applications and desktops. These keystrokes are listed in the table. The default behavior is

described. If you adjust the defaults (using Citrix the Workspace app or other preferences), dierent

keystroke combinations might be forwarded and other behavior might be observed on the Remote

PC Access.

Citrix Workspace app for Mac

Important

Certain key combinations listed in the table are not available when using newer Mac keyboards.

In most of these cases, keyboard input can be sent to the session using the Keyboard menu.

Conventions used in the table:

• Letter keys are capitalized and do not imply that the Shi key must be pressed simultaneously.

• Hyphens between keystrokes indicate that keys must be pressed together (for example, Control-

C).

• Character keys create text input and include all letters, numbers, and punctuation marks. Spe-

cial keys do not create input by themselves but act as modifiers or Controllers. Special keys

include Control, Alt, Shi, Command, Option, arrow keys, and function keys.

• Menu instructions relate to the menus in the session.

• Depending on the configuration of the user device, some key combinations might not work as

expected, and alternative combinations are listed.

• Fn refers to the Fn (Function) key on a Mac keyboard. Function key refers to F1 to F12 on either

a PC or Mac keyboard.

Windows key or key combination Mac equivalents

Alt+character key Command–Option–character key (for example,

to send Alt-C, use Command-Option-C)

Alt+special key Option–special key (for example, Option-Tab);

Command–Option–special key (for example,

Command-Option-Tab)

Ctrl+character key Command–character key (for example,

Command-C); Control–character key (for

example, Control-C)

Ctrl+special key Control–special key (for example, Control-F4);

Command–special key (for example,

Command-F4)

Ctrl/Alt/Shi/Windows logo + function key **Choose Keyboard > Send Function** key >

Control/Alt/Shi/Command-Function key

Ctrl+Alt Control-Option-Command

Ctrl+Alt+Delete Control-Option-Fn-Command-Delete; Choose

Keyboard > Send Ctrl-Alt-Del

Delete Delete; Choose Keyboard > Send Key > Delete;

Fn-Backspace (Fn-Delete on some US

keyboards)

Citrix Workspace app for Mac

Windows key or key combination Mac equivalents

End End; Fn-Right Arrow

Esc Escape; Choose Keyboard > Send Key > Escape

F1 to F12 F1 to F12; Choose Keyboard > Send Function

Key > F1 to F12

Home Home; Fn-Le Arrow

Insert Choose Keyboard > Send Key > Insert

Num Lock Clear

Page Down Page Down; Fn-Down Arrow

Page Up Page Up; Fn-Up Arrow

Spacebar Choose Keyboard > Send Key > Space

Tab Choose Keyboard > Send Key > Tab

Windows logo Right Command key (a keyboard preference,

enabled by default); Choose Keyboard > Send

Windows Shortcut > Start

Key combination to display charms Choose Keyboard > Send Windows Shortcut >

Charms

Key combination to display app commands Choose Keyboard > Send Windows Shortcut >

App Commands

Key combination to snap apps Choose Keyboard > Send Windows Shortcut >

Snap

Key combination to switch apps Choose Keyboard > Send Windows Shortcut >

Switch Apps

Use Input Method Editors (IME) and international keyboard layouts

Citrix Workspace app for Mac allows you to use an Input Method Editor (IME) on either the user device

or on the server.

When client-side IME is enabled, users can composetextatthe insertion point ratherthan in a separate

window.

Citrix Workspace app for Mac also allows users to specify the keyboard layout they want to use.

Citrix Workspace app for Mac

To enable client-side IME

1. From the Citrix Viewer menu bar, choose Keyboard > International > Use Client IME.

2. Ensure that the server-side IME is set to direct input or alphanumeric mode.

3. Use the Mac IME to compose text.

To indicate explicitly the starting point when composing text

• From the Citrix Viewer menu bar, choose Keyboard > International > Use Composing Mark.

To use server-side IME

• Ensure that the client-side IME is set to alphanumeric mode.

Mapped server-side IME input mode keys

Citrix Workspace app for Mac provides keyboard mappings for server-side Windows IME input mode

keys that are not available on Mac keyboards. On Mac keyboards, the Option key is mapped to the

following server-side IME input mode keys, depending on the server-side locale:

Server-side system locale Server-side IME input mode key

Japanese Kanji key (Alt + Hankaku/Zenkaku in Japanese

keyboard)

Korean Right-Alt key (Hangul/English toggle on Korean

keyboard)

To use international keyboard layouts

• Ensure both client-side and server-side keyboard layouts are set to the same locale as the de-

fault server-side input language.

Multiple monitors

Users can set Citrix Workspace app for Mac to work in full-screen mode across multiple monitors.

1. Open the Citrix Viewer.

2. From the Citrix Viewer toolbar, select one of the following options, based on your requirement:

• Enter Full Screen - Full screen on the primary monitor only.

• Use All Displays In Full Screen - Full screen on all connected monitors.

3. Drag the Citrix Virtual Desktops screen between the monitors.

Citrix Workspace app for Mac

The screen is now extended to all monitors.

Known Limitations

• Full-screen mode is only supported on one monitor or all monitors, which are configurable

through a menu item.

• Citrix recommends using a maximum of 2 monitors. Using more than 2 monitors might degrade

session performance or cause usability issues.

Desktop toolbar

Users can now access the Desktop Toolbar in both windowed and full-screen mode. Previously, the

toolbar was only visible in full-screen mode. Other toolbar changes include:

• The Home button has been removed from the toolbar. This function can be run by using the

following commands:

– Cmd-Tab to switch to the previous active application.

– Ctrl-Le Arrow to switch to the previous Space.

– Using the built-in trackpad or Magic Mouse gestures to switch to a dierent Space.

– Moving the cursor to the edge of screen while in full-screen mode displays a Dock where

you can choose which applications to make active.

• The Windowed button has been removed from the toolbar. Follow one of these methods to

switch from full-screen mode to windowed mode:

– On OS X 10.10, click the green window button on the drop-down menu bar.

– On OS X 10.9, click the blue menu button on the drop-down menu bar.

– Onall versions of OS X, select Exit Full Screen from the View menu of the drop-down menu

bar.

• Support to drag between windows in full screen with multiple monitors.

Workspace Control

Workspace Control lets desktops and applications follow users as they move between devices. For

example, clinicians in hospitals to move from workstation to workstation without having to restart

their desktops and applications on each device.

Policies and client drive mappings change appropriately when you move to a new user device. Poli-

cies and mappings are applied according to the user device where you are currently logged on to the

session. For example, a healthcare worker can sign out from a device in the emergency room and sign-

in to a workstation in the X-ray laboratory. The policies, printer mappings, and client drive mappings

appropriate for the session in the X-ray laboratory go into eect for the session in the X-ray laboratory.

Citrix Workspace app for Mac

To configure workspace Control settings

1. Click the down arrow icon in the Citrix Workspace app for Mac window and choose Prefer-

ences.

2. Click General tab.

3. Choose one of the following:

• Reconnect apps when I start Citrix Workspace app. Allows users to reconnect to discon-

nected apps when they start Citrix Workspace app.

• Reconnect apps when I start or refresh apps. Allows users to reconnect to disconnected

apps either when they start apps or when they select Refresh Apps from the Citrix

Workspace app for Mac menu.

Mapping client drives

Client drive mapping allows you to access local drives on the user device such as CD-ROM drives, DVDs,

and USB memory sticks, during sessions. When a server configuration allows client drive mapping,

users can access locally stored files and work on them during sessions. Users can also save them either

on a local drive or on a drive on the server.

Citrix Workspace app for Mac monitors the directories in which hardware devices such as CD-ROMs,

DVDs, and USB memory sticks are typically mounted on the user device and automatically maps any

new ones that appear during a session to the next available drive letter on the server.

You can configure the level of read and write access for mapped drives using Citrix Workspace app for

Mac preferences.

To configure read and write access for mapped drives

1. On the Citrix Workspace app for Mac home page, click the down arrow icon , and then click

Preferences.

2. Click File Access.

3. Select the level of read and write access for mapped drives from the following options:

• Read and Write

• Read only

• No access

• Ask me each time

4. Log o from any open sessions and reconnect to apply the changes.

Custom web store

You can access your organization’s custom web store from the Citrix Workspace app for Mac. To

use this feature, the admin must add the custom web store to the list of allowed URLs in the

Citrix Workspace app for Mac

allowedWebStoreURLs property in the Global App Configuration Service.

For more information about configuring web store URLs for end-users, see Global App Configuration

Service.

To add a custom web store URL, perform the following steps:

1. Open the Workspace app and navigate to Accounts.

2. In the Accounts window, click the + icon and type the URL.

To delete a custom web store URL, perform the following steps:

1. Open the Workspace app and navigate to Accounts.

2. In the Accounts window, select the account you want to delete and click the - icon.

Authenticate

February 7, 2022

Smart card

Citrix Workspace app for Mac supports smart card authentication in the following configurations:

• Smart card authentication to Workspace for Web or StoreFront 2.x and later

• Citrix Virtual Apps and Desktops 7 1808 and later

• XenDesktop 7.1 and later or XenApp 6.5 and later

• Smart card-enabled applications, such as Microso Outlook and Microso Oice that allow

users to digitally sign or encrypt documents available in virtual desktop or application sessions.

• Citrix Workspace app for Mac supports using multiple certificates with a single smart card or

with multiple smart cards. When your user inserts a smart card intoacardreader, the certificates

are available to all applications running on the device, including Citrix Workspace app for Mac.

• For double-hop sessions, a further connection is established between Citrix Workspace app for

Mac and your user’s virtual desktop.

About smart card authentication to Citrix Gateway

There are multiple usable certificates when you use a smart card to authenticate a connection. Cit-

rix Workspace app for Mac prompts you to select a certificate. Aer you select a certificate, Citrix

Workspace app for Mac prompts you to enter the smart card password. Once authenticated, the ses-

sion launches.

Citrix Workspace app for Mac

If there is only one suitable certificate on the smart card, Citrix Workspace app for Mac uses that cer-

tificate and does not prompt you to select it. However, you must still enter the password associated

with the smart card to authenticate the connection and to start the session.

Specifying a PKCS#11 module for smart card authentication

Note:

Installing the PKCS#11 module is not mandatory. This section only applies to ICA sessions. It

does not apply to Citrix Workspace access to Citrix Gateway or StoreFront where a smart card is

required.

To specify the PKCS#11 module for smart card authentication:

1. In Citrix Workspace app for Mac, select Preferences.

2. Click Security & Privacy.

3. In the Security & Privacy section, click Smart Card.

4. In the PKCS#11 field, select the appropriate module. Click Other to browse to the location of

the PKCS#11 module if the desired one is not listed.

5. Aer selecting the appropriate module, click Add.

Supported readers, middleware, and smart card profiles

Citrix Workspace app forMac supports mostmacOS-compatible smart cardreaders and cryptographic

middleware. Citrix has validated the operation with the following.

Supported readers:

• Common USB connect smart card readers

Supported middleware:

• Clarify

• ActivIdentity client version

• Charismathics client version

Supported smart cards:

• PIV cards

• Common Access Card (CAC)

• Gemalto .NET cards

Follow the instructions provided by your vendor’s macOS-compatible smart card reader and crypto-

graphic middleware for configuring user devices.

Citrix Workspace app for Mac

Restrictions

• Certificates must be stored on a smart card, not on the user device.

• Citrix Workspace app for Mac does not save the user certificate choice.

• Citrix Workspace app for Mac does not store or save the user’s smart card PIN. OS handles the

PIN acquisitions, which might have its own caching mechanism.

• Citrix Workspace app for Mac does not reconnect sessions when a smart card is inserted.

• To use VPN tunnels with smart card authentication, you must install the Citrix Gateway Plug-in

and log on through a webpage. Use your smart cards and PINs to authenticate at each step.

Pass-through authentication to StoreFront with the Citrix Gateway Plug-in is not available for

smart card users.

Secure communications

February 7, 2022

To secure the communication between your Site and Citrix Workspace app for Mac, you can integrate

your connections with a range of security technologies, including Citrix Gateway. For information

about configuring Citrix Gateway with Citrix StoreFront, see the

StoreFront documentation.

Note:

Citrix recommends using Citrix Gateway to secure communications between StoreFront servers

and users’ devices.

• A SOCKS proxy server or secure proxy server (also known as security proxy server, HTTPS proxy

server). You can use proxy servers to limit access to and from your network and to handle con-

nections between Citrix Workspace and servers. Citrix Workspace app for Mac supports SOCKS

and secure proxy protocols.

• Citrix Secure Web Gateway. You can use Citrix Secure Web Gateway to provide a single, secure,

encrypted point of access through the internet to servers on internal corporate networks.

• SSL Relay solutions with Transport Layer Security (TLS) protocols

• A firewall. Network firewalls can allow or block packets based on the destination address and

port. If you use a firewall that maps the server’s internal IP address to an external internet ad-

dress such as network address translation (NAT), configure the external address.

Note:

Starting with macOS Catalina, Apple has enforced extra requirements for root CA certificates and

intermediate certificates which administrators must configure. For more information, see Apple

Support article HT210176.

Citrix Workspace app for Mac

Citrix Gateway

To enable remote users to connect to your XenMobile deployment through Citrix Gateway, you can

configure Citrix Gateway to support StoreFront. The method for enabling access depends on the edi-

tion of XenMobile in your deployment.

If you deploy XenMobile in your network, allow connections from internal or remote users to Store-

Front through Citrix Gateway, by integrating Citrix Gateway with StoreFront. This deployment allows

users to connect to StoreFront to access published applications from XenApp and virtual desktops

from XenDesktop. Users connect through Citrix Workspace app for Mac.

Connecting with the Citrix Secure Web Gateway

If the Citrix Secure Web Gateway Proxy is installed on a server in the secure network, you can use the

Citrix Secure Web Gateway Proxy in Relay mode. For more information about Relay mode, see the

XenApp and Citrix Secure Web Gateway documentation.

If you are using Relay mode, the Citrix Secure Web Gateway server functions as a proxy and you must

configure Citrix Workspace app for Mac to use:

• The fully qualified domain name (FQDN) of the Citrix Secure Web Gateway server.

• The port number of the Citrix Secure Web Gateway server. Citrix Secure Web Gateway Version

2.0 does not support Relay mode.

The FQDN must list, in sequence, the following three components:

• Host name

• Intermediate domain

• Top-level domain

For example, my_computer.example.com is an FQDN, because it lists, in sequence, a host name

(my_computer), an intermediate domain (example), and a top-level domain (com). The combination

of intermediate and top-level domain (example.com) is referred to as the domain name.

Connecting through a proxy server

Proxy servers are used to limit access to and from your network, and to handle connections between

Citrix Workspace app for Mac and servers. Citrix Workspace app for Mac supports both SOCKS and

secure proxy protocols.

When the Workspace app for Mac communicates with the Web server, it uses the proxy server settings

configured for the default web browser on the user device. Configure the proxy server settings for the

default Web browser on the user device accordingly.

Citrix Workspace app for Mac

Connecting through a firewall

Network firewalls can allow or block packets based on the destination address and port. Citrix

Workspace app for Mac must be able to communicate through the firewall with both the Web server

and Citrix server. The firewall must permit HTTP traic (oen over the standard HTTP port 80 or 443

for a secure Web server) for user device to Web server communication. For Citrix Workspace to Citrix

server communication, the firewall must permit inbound ICA traic on ports 1494 and 2598.

TLS

Transport Layer Security (TLS) is the latest, standardized version of the TLS protocol. The Internet

Engineering Taskforce (IETF) renamed it TLS when it took over responsibility for the development of

TLS as an open standard.

TLS secures data communications by providing server authentication, encryption of the data stream,

and message integrity checks. Some organizations, including U.S. government organizations, require

the use of TLS to secure data communications. These organizations might also require the use of

validated cryptography, such as Federal Information Processing Standard (FIPS) 140. FIPS 140 is a

standard for cryptography.

Citrix Workspace app for Mac supports RSA keys of 1024, 2048, and 3072-bit lengths. Root certificates

with RSA keys of 4096-bit length are also supported.

Note

Citrix Workspace app for Mac uses platform (OS X) crypto for connections between Citrix

Workspace app for Mac and StoreFront.

The following cipher suites are deprecated for enhanced security:

• Cipher suites with prefix “TLS_RSA_*”

• Cipher suites RC4 and 3DES

• TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

• TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

• TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)

• TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

• TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

• TLS_RSA_WITH_RC4_128_SHA (0x0005)

• TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Citrix Workspace app for Mac supports only the following cipher suites:

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Citrix Workspace app for Mac

For DTLS 1.0 users, Citrix Workspace app for Mac 1910 and later supports only the following cipher

suite:

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Upgrade your Citrix Gateway version to 12.1 or later if you want to use DTLS 1.0. Otherwise, it falls back

to TLS based on the DDC policy.

The following matrices provide details of internal and external network connections:

Note:

• Use Citrix Gateway 12.1 or later for EDT to work properly. Older versions do not support

ECDHE cipher suites in DTLS mode.

• Citrix Gatewaydoesn’t support DTLS 1.2. So, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 aren’t supported. Citrix Gateway

must be configured to use TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA to work properly

Citrix Workspace app for Mac

in DTLS 1.0.

Configuring and enabling Citrix Workspace app for TLS

There are two main steps involved in setting up TLS:

1. Set up SSL Relay on your Citrix Virtual Apps and Desktops server and obtain and install the nec-

essary server certificate.

2. Install the equivalent root certificate on the user device.

Installing root certificates on user devices

To use TLS to secure communications between TLS-enabled Citrix Workspace app for Mac and the

server farm, you need a root certificate on the user device. This root certificate verifies the signature

of the Certificate Authority on the server certificate.

macOS X comes with about 100 commercial root certificates already installed. However, if you want

to use another certificate, you can obtain one from the Certificate Authority and install it on each user

device.

Install the root certificate on each device, depending on your organization’s policies and procedures,

instead of prompting users to install it. The easiest and safest way is to add root certificates to the

macOS X keychain.

To add a root certificate to the keychain

1. Double-click the file containing the certificate. This action automatically starts the Keychain

Access application.

2. In the Add Certificates dialog box, choose one of the following from the Keychain pop-up menu:

• login (The certificate applies only to the current user.)

• System (The certificate applies to all users of a device.)

3. Click OK.

4. Type your password in the Authenticate dialog box and then click OK.

The root certificate is installed and used by TLS-enabled clients and by any other application using

TLS.

About TLS policies

This section provides information for configuring security policies for ICA sessions over TLS. You can

configure certain TLS settingsused for ICA connections in Citrix Workspace app for Mac. These settings

are not exposed in the user interface. Changing them requires running a command on the device

running Citrix Workspace app for Mac.

Citrix Workspace app for Mac

Note

TLS policies are managed in other ways - by devices controlled by an OS X server or another

mobile device management solution.

TLS policies include the following settings:

SecurityComplianceMode. Sets the security compliance mode for the policy. If you don’t configure

SecurityComplianceMode, FIPS is used as the default value. Applicable values for this setting include:

• None. No compliance mode is enforced

• FIPS. FIPS cryptographic modules are used

• SP800-52. NIST SP800-52r1 compliance is enforced

defaults write com.citrix.receiver.nomas SecurityComplianceMode SP800-52

SecurityAllowedTLSVersions. Specifies the TLS protocol versions that are accepted during protocol

negotiation. This information is represented as an array and any combination of the possible values

is supported. When this setting is not configured, the values TLS10, TLS11, and TLS12 are used as the

default values. Applicable values for this setting include:

• TLS10. Specifies that the TLS 1.0 protocol is allowed.

• TLS11. Specifies that the TLS 1.1 protocol is allowed.

• TLS12. Specifies that the TLS 1.2 protocol is allowed.

defaults write com.citrix.receiver.nomas SecurityAllowedTLSVersions -array

TLS11 TLS12

SSLCertificateRevocationCheckPolicy. Improves the cryptographic authentication of the Citrix

server and improves the overall security of the SSL/TLS connections between a client and a server.

This setting governs the handling of a trusted root certificate authority (CA) while opening a remote

session through SSL when using the client for OS X.

When you enable this setting, the client checks whether the server’s certificate is revoked. There are

severallevels of certificaterevocation list checking. For example, the client can be configured to check

only its local certificate list, or to check the local and network certificate lists. In addition, certificate

checking can be configured to allow users to log on only if all Certificate Revocation lists are verified.

Certificate Revocation List (CRL) checking is an advanced feature supported by some certificate is-

suers. It allows admins to revoke security certificates (invalidated before their expiry date) if there is

cryptographic compromise of certificate private keys, or unexpected changes in the DNS name.

Applicable values for this setting include:

• NoCheck. No Certificate Revocation List check is performed.

• CheckWithNoNetworkAccess. Certificate revocation list check is performed. Only local certifi-

cate revocation list stores are used. All distribution points are ignored. Finding a Certificate

Citrix Workspace app for Mac

Revocation List isn’t critical for verification of the server certificate presented by the target SSL

Relay or Citrix Secure Web Gateway server.

• FullAccessCheck. Certificate Revocation List check is performed. Local Certificate Revocation

List stores and all distribution points are used. Finding a Certificate Revocation List is not critical

for verification of the server certificate presented by the target SSL Relay or Citrix Secure Web

Gateway server.

• FullAccessCheckAndCRLRequired. Certificate Revocation List check is performed, excluding

the root Certificate Authority. Local Certificate Revocation List stores and all distribution points

are used. Finding all required Certificate Revocation Lists is critical for verification.

• FullAccessCheckAndCRLRequiredAll. Certificate Revocation List check is performed, includ-

ing the root certificate authority. Local Certificate Revocation List stores and all distribution

points are used. Finding all required Certificate Revocation Lists is critical for verification.

Note

If you don’t set SSLCertificateRevocationCheckPolicy, FullAccessCheck is used as the default

value.

defaults write com.citrix.receiver.nomas SSLCertificateRevocationCheckPolicy

FullAccessCheckAndCRLRequired

Configuring TLS policies

To configure TLS settings on an unmanaged computer, run the defaults command in Terminal.app.

defaults is a command line application that you can use to add, edit, and delete app settings in an OS

X preferences list file.

To change settings:

1. Open Applications > Utilities \ > Terminal.

2. In Terminal, run the command:

defaults write com.citrix.receiver.nomas <name> <type> <value>

Where:

<name>: The name of the setting as described earlier.

<type>: A switch identifying the type of the setting, either -string or -array. If the setting type is a

string, this setting can be omitted.

<value>: The value for the setting. If the value is an array and multiple values need to be specified,

separate the values with a space.

defaults write com.citrix.receiver.nomas SecurityAllowedTLSVersions -array

TLS11 TLS12

Citrix Workspace app for Mac

Reverting to the default configuration

To reset a setting back to its default:

1. Open Applications > Utilities \ > Terminal.

2. In Terminal, run the command:

defaults delete com.citrix.receiver.nomas <name>

Where:

<name>: The name of the setting as described earlier.

defaults delete com.citrix.receiver.nomas SecurityAllowedTLSVersions

Security settings

Security improvements and enhancements were introduced with Citrix Receiver for Mac version 12.3,

including the following:

• improved security configuration user interface. In previous releases, the command line was the

preferred method to make security-related changes. Configuration settings related to session

security are now simple and accessible from the UI. This improvement improves the user expe-

rience while creating a seamless method for the adoption of security-related preferences.

• view TLS connections. You can verify connections that use a specific TLS version, encryption

algorithms, mode, key size, and SecureICA status. In addition, you can view the server certificate

for TLS connections.

The improved Security and Privacy screen includes the following new options in the TLS tab:

• set the compliance mode

• configure the crypto module

• select the appropriate TLS version

• select the certificate revocation list

• enable settings for all TLS connections

The following image illustrates the Security and Privacy settings accessible from the UI:

Citrix Workspace app for Mac

Locations

Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309, United States

Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054, United States

Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Oice

and in other countries. All other marks are the property of their respective owner(s).

Citrix Product Documentation | docs.citrix.com February 21, 2022