Important update about Citrix Receiver Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace app. . To download Citrix Workspace app on your mobile device, visit the App Store or Google Play, search for “Citrix Workspace app.” Once you download the app, sign in with your corporate credentials. Step 2. Citrix Workspace app will prompt you to then download Citrix Secure Hub for authentication purposes. The SecureAuth Passcode desktop app for Mac generates one-time passcodes for use with the SecureAuth Identity Platform. Documentation: SecureAuth Passcode App for Mac Version: 2.0 Size: 472 KB Release Date: November 01, 2016. The Citrix Workspace Hub, built on the Raspberry Pi 4 and powered by NoTouch OS, antiquates Desktop PCs and desk phones and supports Citrix Casting and Session Roaming. Take advantage of Citrix Casting/Wireless Docking capabilities with Mac, iOS, and Android to seamlessly roam Citrix sessions from a tablet or mobile device to any workspace station. Download apps by Citrix Systems, Inc., including ScanDirect for XenMobile, Citrix Workspace, Citrix Secure Hub, and many more.
- XenMobile
- NetScaler
Information
The purpose of these NetScaler cheat sheets is to provide a reference article with key information about each Session Policy or Session Profile configured via NetScaler / XenMobile wizard. These cheat sheets are applicable for XenMobile 9 and 10.x solutions.
ST_WB_RW_IP_Address Clientless Access Profile
| ST_WB_RW_IP_Address Clientless Access Profile | |
| Under Rewrite tab URL Rewrite Note: This setting states that any FQDNs or domain suffixes defined under “Clientless Access Domains” in NetScaler Gateway, the NetScaler will rewrite (CVPN) the Web app content accordingly. | ns_cvpn_default_inet_url_label |
| Under Finding URLs tab | All fields must be empty |
| Under Client Cookies tab ST_WB_CKIES_IP_Address | Pattern set values CsrfToken (Index 1) ASP.NET_SessionId (Index 2) CtxsPluginAssistantState (Index 3) CtxsAuthId (Index 4) |
NO_RW_IP_Address Clientless Access Profile
| NO_RW_IP_Address Clientless Access Profile | |
| Under Rewrite tab | All fields must be empty |
| Under Finding URLs tab | All fields must be empty |
| Under Client Cookies tab | All fields must be empty |
Note: This Clientless Access Profile should disable all rewrite policies and settings that the NetScaler can apply to web applications. Why? Secure Browse needs to receive the Web URI content ‘untouched’ when traversing through the NetScaler.
This profile mainly applies when mobile users use Secure Web to navigate through Internal/External Web resources.
AC_OS_IP_Address Session Profile
| AC_OS_IP_Address Session Profile | |
| Under Client Experience tab Split Tunnel* *Note: This setting determines whether all MicroVPN traffic between mobile device and NetScaler Gateway should go through the virtual server. If set to OFF (default), all MicroVPN traffic will be intercepted by NetScaler. If set to ON, then, only internal traffic will be intercepted by NetScaler. For more information, please check this article http://support.citrix.com/article/CTX136914 | OFF |
| Session Time-out (minutes) | 1440 |
| Clientless Access | ON |
| Clientless Access URL Encoding | Clear |
| Plug-in Type* *Note: This setting determines whether or not, the NetScaler will accept MicroVPN connections. If the value is set to Java, MicroVPN will be disabled at the NetScaler Gateway level. | Windows/Mac OSX |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign-on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Advanced Settings Split DNS | BOTH |
| Client Choices | OFF |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Account Services Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, mobile users will not be able to access the XenMobile Store after enrollment. | XenMobile Server URL (e.g. https://xms.domain.com) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.
AC_AG_PLG_IP_Address Session Profile
Download Citrix Secure Hub For Mac
| AC_AG_PLG_IP_Address Session Profile | |
| Under Client Experience tab Home Page | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
| Split Tunnel | OFF |
| Clientless Access | Allow |
| Clientless Access URL encoding | Clear |
| Plug-in Type | Windows/Mac OS X |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign- on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Advanced Settings Split DNS | BOTH |
| Client Choices | OFF |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Account Services Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, desktop users using the NetScaler Gateway Plugin will not be able to access the Receiver for Web site remotely. | XenMobile App Controller URL (e.g. https://appc.domain.com) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.
AC_WB_IP_Address Session Profile
| AC_WB_IP_Address Session Profile | |
| Under Client Experience tab Home Page | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
| Clientless Access | ON |
| Single Sign-on to Web Applications* *Note: This setting allows NetScaler and XenMobile Server perform Single Sign- on when users connect remotely to the XenMobile Store but also, to Web links (e.g. Intranet sites) via Secure Web. | ON |
| Credential Index* *Note: This setting determines what credentials will be passed over to the XenMobile Server. The “Primary” index is usually associated with the LDAP policy bound to the NetScaler Gateway virtual Server. If the customer is looking for two-factor authentication (e.g. RSA, Radius, OTP token, etc.), this setting must be changed. Follow the instructions in this article http://support.citrix.com/article/CTX125364 that also applies to the Secure Hub / XenMobile deployment. | Primary |
| Under Security tab Allow Authorization Action | ALLOW |
| Secure Browse* (This setting is not applicable for Receiver for Web connections) *Note: This is the setting that determines which component (Secure Hub or NetScaler) will rewrite the content in order to properly access Web applications. Secure Browse ON means the NetScaler will not rewrite the content via Client Access (CVPN). | ON |
| Under Published Applications tab ICA Proxy | OFF |
| Web Interface Address* *Note: This value must match exactly the same name defined on the XenMobile Server FQDN. Failure to do so, desktop users will not be able to access the Receiver for Web site remotely. | XenMobile App Controller – Receiver for Web site URL (Example - https://appc.domain.com/Citrix/StoreWeb) |
Note: All other settings not overwritten by this Session Profile, the NetScaler Gateway will use the Global Settings and apply them.