Release Notes

Important:

  • Citrix SSO for Android is now renamed to Citrix Secure Access. We are updating our documentation and the UI screenshots to reflect this name change. You might notice Citrix SSO references used in the documentation during this transition period.

  • FQDN based split tunneling and nFactor authentication support are currently in preview.

  • Citrix Secure Access is not supported for Android 6.x and lower versions after June 2020.

The Citrix Secure Access release notes describe the new features, enhancements to existing features, fixed issues, and known issues available in a service release. The release notes include one or more of the following sections:

What’s new: The new features and enhancements available in the current release.

Fixed issues: The issues that are fixed in the current release.

Known issues: The issues that exist in the current release and their workarounds, wherever applicable.

V24.10.1 (10-Oct-2024)

What’s new

  • This release addresses some issues to improve the overall performance and stability.

Fixed issues

  • Push notification might not work on the Citrix Secure Access client for Android.

    [NSHELP-38679]

  • The Always On feature might not restart the NetScaler Gateway session after an idle session time-out.

    [NSHELP-38354]

V24.08.2 (26-Sep-2024)

What’s new

  • This release addresses some issues to improve the overall performance and stability.

V24.08.1 (09-Sep-2024)

What’s new

  • Interoperability enhancements with third-party secure web gateway

    The User-Agent strings for Citrix Secure Access have been updated for an enhanced interoperability with third-party secure web gateways. For more information, see Defining Clients.

    [CSACLIENTS-10798]

  • Enhanced security feature in Citrix Secure Access app for Android

    Third-party apps in the user’s device can not take screenshots of the Citrix Secure Access app when sensitive information is displayed during login authentication.

    [CSACLIENTS-11671]

Fixed issues

  • Citrix Secure Access app displays certificates, which are not appropriate for SAML authentication.

    [NSHELP-38431]

V24.04.1 (03-May-2024)

  • Enhancements to the Always On VPN profile

    Citrix Secure Access now supports the `Always On VPN’ (optional) property in the VPN profiles. This property determines whether a VPN profile is an Always On VPN profile or not. When this property is set to True, it indicates that the VPN profile is an Always On VPN profile.

    Note:

    This property can be set only on the main VPN profiles. It cannot be set for the additional VPN profiles.

    The Always On VPN tunnel is re-established in the following scenarios:

    • MDM profile update
    • Reboot of the Android device
    • Reconnect to a different NetScaler Gateway during a network connection failure
    • Reconnect after a NetScaler Gateway session expires when the Android device is in power saving mode. The connection is re-established when the device comes out of the power saving mode.

    For details, refer to the following articles:

    [CSACLIENTS-9668]

V23.12.2 (15-Dec-2023)

Note:

Citrix Secure Access for Android version 23.12.2 includes the fix for CSACLIENTS-8799 and replaces version 23.12.1.

[CSACLIENTS-8799]

What’s new

  • Citrix SSO for Android renamed to Citrix Secure Access

    Citrix SSO for Android is now called Citrix Secure Access. We are updating our documentation and the UI screenshots to reflect this name change.

    [CSACLIENTS-6337]

  • Receive or block notifications on an Android 13+ devices

    When installing or reinstalling Citrix Secure Access client on an Android 13 device, end-users are now prompted to provide permissions to receive notifications from Citrix Secure Access client. If end-users deny the permission, they will not receive any VPN status or push notifications from Citrix Secure Access client on their Android devices. MDM admins are advised to grant the notification permission to Citrix Secure Access (Package ID: com.citrix.CitrixVPN) in their solution.

    End-users can navigate to Settings > Notifications on the Android device to change the notification permission for Citrix Secure Access client. For details, see How to use Citrix Secure Access from your Android device.

    [CSACLIENTS-8252]

  • Support for Transfer Logon in Always On VPN mode

    Citrix Secure Access for Android now supports the Transfer Logon functionality in the Always On VPN mode. For details about how to configure Transfer Logon, see Configure the Transfer Logon page.

    [CSACLIENTS-8305]

Fixed issues

  • Citrix Secure Access crashes when users copy the Time-based OTP (TOTP) token on the Android 13+ device.

    [CSACLIENTS-8799]

V23.10.2 (19-Dec-2023)

What’s new

Notes:

  • Citrix SSO for Android version 23.10.2 includes the fix for CSACLIENTS-8314 and replaces version 23.10.1.

  • Citrix SSO for Android 23.10.1 works with Android 14.

  • Reauthenticate with NetScaler Gateway after a VPN connection failure - Preview

    Citrix SSO for Android now prompts you to reauthenticate with NetScaler Gateway when a VPN connection is lost. You are notified on the Citrix SSO UI and the notification panel of your Android device indicating that the connection to NetScaler Gateway is lost and that you must reauthenticate to resume the connection. This feature is in preview.

    For more information, see Reconnect to NetScaler Gateway after a VPN connection failure.

Fixed issues

Citrix SSO crashes intermittently when restarting the VPN service in certain Always On VPN scenarios.

[CSACLIENTS-8314]

V23.8.1 (31-Aug-2023)

What’s new

  • Automatic restart of Always On VPN

    The Citrix SSO app automatically restarts the Always On VPN when an app that is part of the allow or block list is installed in a work profile or a device profile. Traffic from this app is automatically tunneled over a VPN connection without restarting the work profile or rebooting the device. To enable the automatic restart of Always On VPN, end users must grant the Query all packages consent to the Citrix SSO app. For more information, see Automatic restart of Always On VPN.

    [CSACLIENTS-6158]

  • Enable debug logging in a managed VPN profile

    MDM admins can now enable debug logging as a custom parameter in the managed VPN profile of the Endpoint Management console. To enable debug logging, the value of EnableDebugLogging must be set to True. If any of the managed VPN configurations has debug logging enabled, the debug logging functionality takes effect when the configurations are parsed. For more details, see Custom parameters for Intune configuration.

    [CSACLIENTS-3746]

Fixed issues

  • Sometimes, the Citrix SSO app might fail to tunnel the traffic to some resources. This issue occurs when split tunneling is set to OFF and some unreachable domains or IP addresses are blackholed.

    [NSHELP-35555]

V22.11.1 (30-Nov-2022)

What’s new

  • Citrix Secure Access is updated to target Android 12.1 (API level 32)

    Citrix Secure Access is now updated to target Android 12.1 (API level 32). In case of per-app VPN, the VPN service might not restart automatically, if one of the packages in the per-app VPN package list is installed after the VPN tunnel setup. This is due to the app visibility restrictions introduced in Android 11. For details, see https://developer.android.com/training/package-visibility.

    [CGOP-21409]

V22.10.1 (21-Oct-2022)

What’s new

  • Display of the app’s version number is updated to the format YY.MM.point-release, where YY is the 2-digit year, MM is the 2-digit month, and point-release that is 1+ depending on the release number within a month.

  • Google Analytics/Crashlytics data collection from EU region is disabled for Android clients.

Fixed issues

  • Error messages that appear for an invalid input in the Add Connection and Edit connection screens are not localized.

    [CGOP-22060]

V2.5.3 (05-May-2022)

What’s new

  • Citrix SSO updated to Android 11 target SDK (API 30)

    The Citrix SSO app is now updated to Android 11 target SDK (API 30). This change requires that Microsoft Intune NAC v2 APIs are used by NetScaler Gateway for device compliance check. For details, refer to the KB article https://support.citrix.com/article/CTX331615.

    [CGOP-19774]

Fixed issues

  • Sometimes, Citrix SSO might not use an alternate DNS server for host name resolution after a network change.

    [NSHELP-29378]

V2.5.2 (21-Oct-2021)

Fixed issues

  • Sometimes, Citrix SSO crashes when handling a non-compliance error in NAC check.

    [CGOP-19198]

V2.5.1 (12-Aug-2021)

Fixed issues

  • Citrix SSO app fails to resolve host when the CNAME chain is longer than 6 hops.

    [CGOP-18475]

  • Citrix SSO displays an authentication prompt when NAC check only authentication is required by NetScaler Gateway.

    [CGOP-18348]

  • Citrix SSO might crash while processing unusually large ICMP packets.

    [CGOP-18286]

  • Citrix SSO might crash when adding a VPN profile on some Android 8.0 devices.

    [CGOP-17607]

  • Citrix SSO might crash when you restart the VPN configured for Always On.

    [CGOP-17580]

  • Citrix SSO might crash when handling an SSL error in the nFactor authentication flow.

    [CGOP-17577]

V2.5.0 (08-Jun-2021)

What’s new

  • Support for FQDN based split tunneling

    Citrix SSO for Android now supports FQDN based split tunneling.

    [CGOP-12079]

Fixed issues

  • Citrix SSO preview build 2.5.0 fails (110) to connect to NetScaler Gateway versions 12.1 and earlier.

    [CGOP-17735]

  • The “DisableUserProfiles” setting is not applied after the SSO app is restarted.

    [CGOP-17454]

V2.4.16 (31-Mar-2021)

Fixed issues

  • The nFactor authentication is aborted if safe browsing is not be enabled on some devices.

    [CGOP-17514]

V2.4.15 (17-Mar-2021)

Fixed issues

  • Sometimes, Citrix SSO does not reconnect Always On VPN when session timeout happens on the NetScaler Gateway appliance.

    [CGOP-16800]

V2.4.14 (23-Feb-2021)

Fixed issues

  • Citrix SSO requires user interaction when Always-On VPN with certificate only authentication is used along with nFactor authentication.

    [CGOP-16805]

  • Sometimes, Citrix SSO might crash during VPN service restart or transition.

    [CGOP-16766]

V2.4.13 (04-Feb-2021)

Fixed issues

  • In some cases, the Citrix SSO login request times out before NetScaler Gateway responds.

    [CGOP-16759]

V2.4.12 (15-Jan-2021)

This release addresses various issues that help to improve overall performance and stability.

V2.4.11 (08-Jan-2021)

  • Classic authentication fails because the Citrix SSO sends an HTTP header (X-Citrix-Gateway) to the NetScaler Gateway which is used only in nFactor authentication.

    [CGOP-16449]

V2.4.10 (09-Dec-2020)

Fixed issues

  • Sometimes, classic authentication might fail for Android devices.

    [CGOP-16219]

  • Citrix SSO might crash when performing classic authentication.

    [CGOP-16012]

  • The orientation of the Citrix SSO app does not change when you rotate the device.

    [CGOP-639]

V2.4.9 (20-Nov-2020)

Fixed issues

  • Citrix SSO app crashes when a user taps the TOTP token value on the device.

    [CGOP-15886]

V2.4.8 (04-Nov-2020)

Fixed issues

  • Citrix SSO might crash when disconnecting the VPN after a session timeout on the gateway.

    [CGOP-15592]

V2.4.7 (12-Oct-2020)

This release addresses various issues that help to improve overall performance and stability.

V2.4.6 (28-Sep-2020)

This release addresses various issues that help to improve overall performance and stability.

V2.4.5 (16-Sep-2020)

What’s new

  • New NetScaler logo is introduced.

    [CGOP-15327]

V2.4.4 (10-Sep-2020)

Fixed issues

  • Sometimes, Citrix SSO crashes when reconnecting the VPN session.

    [CGOP-15215]

V2.4.3

Known issues

  • Citrix SSO fails to establish a VPN session to NetScaler Gateway when the Android device is resource constrained.

    [NSHELP-24647]

V2.4.2

Fixed issues

  • Citrix SSO app crashes when loading previously saved corrupt token data. With this fix, the token value is displayed as “Token data corrupted” for corrupt tokens in the token list. Remove the corrupt tokens and add it again.

    [CGOP-14546]

V2.4.1

Fixed issues

  • Citrix SSO app is not supported for Android 6.x and lower versions after June 2020.

    [CGOP-13853]

V2.3.19

This release addresses various issues that help to improve overall performance and stability.

V2.3.18

What’s New

  • Proxy configuration is now supported in the Android Citrix SSO app for Android 10 devices.

    [CGOP-12007]

V2.3.17

This release addresses various issues that help to improve overall performance and stability.

V2.3.16

This release addresses various issues that help to improve overall performance and stability.

V2.3.15

What’s New

  • Citrix SSO app now supports NetScaler Gateway certificate pinning for managed VPN profiles.

    [CGOP-12538]

  • Citrix SSO app for Android 10 now detects Always On VPN from the system settings.

    [CGOP-12656]

Fixed issues

  • Citrix SSO app crashes when disconnecting from VPN if there are only MDM VPN profiles defined.

    [CGOP-13825]

V2.3.14

What’s New

  • Citrix SSO app can now perform user authentication on behalf of Citrix Workspace app for native app single sign-on.

    [CGOP-12083]

  • VPN service restarts if one of the packages in the per-app VPN package list is installed after the VPN tunnel setup.

    [CGOP-11262]

Fixed issues

  • Citrix SSO now correctly handles the final VPN session establishment message.

    [CGOP-12488]

  • The NetScaler Gateway IP address is now resolved only once. Earlier, the NetScaler Gateway IP address was resolved multiple times that resulted in connection failures sometimes.

    [CGOP-12101]

Known issues

  • Always-On VPN status is not always updated correctly in the app user interface.

    [NSHELP-21709]

V2.3.13

Fixed issues

  • The NetScaler Gateway IP address is now resolved only once.

    Earlier, the NetScaler Gateway IP address was resolved multiple times that resulted in connection failures sometimes.

    [CGOP-12101]

Known issues

  • Always-On VPN status is not always updated correctly in the app user interface.

    [NSHELP-21709]

V2.3.12

Fixed issues

  • Citrix SSO might crash when saving a VPN profile.

    [CGOP-12137]

V2.3.11

Fixed issues

  • Citrix SSO might crash when saving a VPN profile.

    [CGOP-12137]

  • The disableUserProfile setting is not correctly reflected in the user interface when a new VPN profile or update to an existing profile results in the change of the disableUserProfile value.

    [CGOP-11899]

  • Citrix SSO for Android does not process VPN profiles in Device Owner (DO) mode.

    [CGOP-11981]

  • VPN connection is not established when there are IPv6 only local DNS servers.

    [CGOP-12053]

V2.3.10

Fixed issues

  • VPN connection lost after some idle time on the device.

    [CGOP-11381]

V2.3.8

What’s new

  • Set up Citrix SSO app in an Intune Android Enterprise environment

    You can now set up the Citrix SSO app in an Intune Android Enterprise environment. For details, see Set up Citrix SSO app in an Intune Android Enterprise environment.

    [CGOP-635]

  • Support for VPN profile provisioning via Android Enterprise

    VPN profile provisioning via Android Enterprise is now supported.

    [CGOP-631]

Fixed issues

  • If you save a token that is already saved and then try to open it, garbled characters appear in the token name.

    [CGOP-11696]

  • Citrix SSO app fails to establish a VPN session if no DNS search domains are configured on NetScaler Gateway.

    [CGOP-11259]

V2.3.6

What’s new

  • Always On support for Citrix SSO

    The Always On feature of Citrix SSO ensures that users are always connected to the enterprise network. This persistent VPN connectivity is achieved by an automatic establishment of a VPN tunnel.

    [CGOP-10015]

  • Notification to relogin is displayed if Athena token expiry causes a logout

    A notification prompting the users to relogin to Citrix Workspace is displayed if the following conditions are met.

    • Always On feature is enabled in the Citrix Workspace provisioned VPN profile
    • Athena authentication is used for SSO
    • User is signed out of the Citrix Workspace app because of Athena token expiry

    [CGOP-10016]

  • Registration for Push notification service is done using NetScaler Gateway

    You can now register for push notification service using the NetScaler Gateway appliance. Earlier the registration was done on the client device.

    [CGOP-10542]

Fixed issues

Sometimes, Citrix SSO crashes when a new token is scanned. For example, Citrix SSO crashes when an existing token is deleted and another one is scanned with the same token name.

[CGOP-10818]

V2.3.1

What’s new

  • Managed configurations are updated to include more user settings

    Managed configurations are updated to include “BlockUntrustedServers,” “DefaultProfileName,” and “DisableUserProfiles” settings for Android Enterprise environments.

    [CGOP-10033]

  • Enhanced Push notification support

    Upon configuring NetScaler Gateway for Push Notification with type “OTP,” PIN/fingerprint is not asked after the user selects “Allow” in response to the Push Notification requesting the user’s consent for allowing the authentication to proceed.

    [CGOP-9843]

  • Firebase Analytics support

    Support for basic Firebase Analytics is added to provide usage information about the Citrix SSO app. The enhancement is applicable to coarse geolocations, screen usage, different versions of Android in use and so on.

    [CGOP-7523]

  • Support for Android Managed Configurations based VPN profile configuration

    Citrix SSO app can be configured in the Android Enterprise environment using an EMM/UEM vendor like Citrix Endpoint Management. The Android Enterprise Managed Configurations wizard in CEM can be used to deploy managed VPN configurations to the Citrix SSO app. For information on how to configure the Citrix SSO app using Managed Configurations, refer VPN device policy.

V2.2.9

What’s new

  • Push Notification support

    NetScaler Gateway sends a push notification on your registered mobile device for a simplified two-factor authentication experience.

    [CGOP-9592]

Fixed issues

  • Non-URL characters are allowed in the Server field under the Add Connection screen.

    [CGOP-588]