Using Smart Card Authentication with Citrix Workspace on iPhone and iPad

By using Smart Card Utility with either the Twocanoes’ USB-C or Lightning reader users can now access a Citrix Workspace and use a CAC/PIV within it. This guide will take you through the steps required to do so.

Setup

1. You must have a Twocanoes USB-C or Lightning reader and your CAC/PIV. Make sure the reader and Smart Card Utility app are configured with a certificate.
2. Install the Citrix Workspace app from the App Store onto your iOS device.
3. You must have the URL for your Citrix storefront page. Below are some examples of Citrix Portals.

• DHA: https://avhe.health.mil
• Army ALTESS: https://remote.altess.army.mil/
• VA: https://citrixaccesspiv.va.gov/
• NCIS: leap.ncis.navy.mil

Enable Full Trust for Root Certificates

1. Go to Settings > General > About > Certificate Trust Settings and toggle on to enable full trust for all root certificates.

Logging In

1. Open the Citrix app and toggle Use smart card setting to on.

2. Tap on the “…” in the upper right corner. A small menu will open. Select Settings.

3. Select Advanced from the Settings menu.

4. Toggle on the Enable Smart card option.

5. In Citrix > Settings > Advanced select TLS versions and then select TLS. 1.2, 1.3

6. Make sure you have enable smart card and use smart card every time in both advanced settings and on the welcome screen.
7. Attach the reader to the iOS device and insert the CAC/PIV card.
8. Open Safari and navigate to the Citrix storefront URL. Enter the PIN when prompted. Note: you may be prompted before or after the storefront is shown depending on the Citrix storefront configuration.
9. Enter the PIN to access the Citrix storefront.

8. Once logged into the Citrix website, select the Virtual Desktop to open:

9. You will then be prompted to download a Citrix Token. Select Download.

10. Open the Downloads Tab once it completes, and click on the Token.

11. The Citrix app will automatically pop up and begin the log in process.

IMPORTANT NOTE! You may need to unplug and plug your reader back in to disconnect it from Safari and allow the Citrix Workspace to access the reader.

11. The Virtual Desktop may take a few minutes to set up. You may be prompted to log in again during this process. If no reader is detected, try reinserting your card and then replugging the reader.

You should now be in the Virtual Desktop.

Citrix Workspace Virtual Desktop

You should now have full access to your Workspace. At times a PIN prompt will come up. Remember to cycle the card and reader if you run into any issues. Also, tabbing out of the Citrix app may cause you to be logged out of your session.

Full capabilities

Below are capabilities we have confirmed work when using this method for Citrix on iOS.

• Full access to Teams
• Outlook and encrypted email viewing and signing.
• Using Microsoft Edge and Google Chrome to access DOD and other restricted websites.
• Group/Organization specific apps that require CAC login.

If you have trouble accessing your Citrix after following this guide, please contact us at support@twocanoes.com.