FAQs

This section captures the FAQ on the Citrix SSO app for iOS and Citrix Secure Access agent for macOS.

How is Citrix SSO app for iOS or the Citrix Secure Access agent for macOS different from Citrix VPN app? Citrix SSO is the next generation SSL VPN client for Citrix ADC. The App uses Apple’s Network Extension framework to create and manage VPN connections on iOS and macOS devices. Citrix VPN is the legacy VPN client that uses Apple’s private VPN APIs which are now deprecated. Support for Citrix VPN will be removed from the App Store in the months to come.

What is NE? The Network Extension (NE) framework from Apple is a modern library which contains APIs that can be used to customize and extend the core networking features of iOS and macOS. Network Extension with support for SSL VPN is available on devices running iOS 9+ and macOS 10.11+.

For which versions of Citrix ADC is the Citrix SSO app for iOS and Citrix Secure Access agent for macOS compatible? VPN features in the Citrix SSO app for iOS and the Citrix Secure Access agent for macOS are supported on Citrix ADC versions 10.5 and above. The TOTP is available on Citrix ADC version 12.0 and above. Push Notification on Citrix ADC has not been publicly announced yet. The App requires iOS 9+ and macOS 10.11+ versions.

How does Cert-based authentication for non-MDM customers work? Customers who previously distributed Certificates via Email or Browser to perform Client Certificate Authentication in Citrix VPN must note this change when using the Citrix SSO app for iOS or the Citrix Secure Access agent for macOS. This is mostly true for non-MDM customers who do not use an MDM Server to distribute User Certificates. For details, see “Importing Certificates into Citrix SSO app for iOS and Citrix Secure Access agent for macOS via Email” to be able to distribute Certificates.

What is Network Access Control (NAC)? How do I configure NAC with Citrix SSO app for iOS or Citrix Secure Access agent for macOS and Citrix Gateway? Microsoft Intune and Citrix Endpoint Management (formerly XenMobile) MDM customers can take advantage of the Network Access Control (NAC) feature in the Citrix SSO app for iOS and the Citrix Secure Access agent for macOS. With NAC, administrators can secure their enterprise internal network by adding an extra layer of authentication for mobile devices that are managed by an MDM server. Administrators can enforce a device compliancy check at the time of authentication in the Citrix SSO app for iOS and the Citrix Secure Access agent for macOS.

To use NAC with the Citrix SSO app for iOS or the Citrix Secure Access agent for macOS, you must enable it on both the Citrix Gateway and the MDM server.

• To enable NAC on Citrix ADC, see Configure Network Access Control device check for Citrix Gateway virtual server for single factor login.
• If an MDM vendor is Intune, see Network access control (NAC) integration with Intune.

• If an MDM vendor is Citrix Endpoint Management (formerly XenMobile), see Network Access Control.

  Note:

  The minimum supported Citrix SSO app for iOS and Citrix Secure Access agent for macOS version are 1.1.6 and above.