Product Documentation
Gateway
14.1-Current Release 13.1 12.1
View PDF

Creating a Session Policy and Profile for the Citrix Secure Access client

September 8, 2025
Contributed by: 
C S

You can configure NetScaler Gateway to provide users access to published applications and virtual desktops with the Citrix Secure Access client instead of with Receiver. Then, in the session policy, you add an HTTP header rule for the Citrix Secure Access client.

To create the session policy rule for the Citrix Secure Access client

  1. Go to NetScaler Gateway > Policies > Session.
  2. In the details pane, click Add.
  3. In the Create NetScaler Gateway Session Policy dialog box, next to Match Any Expression, click the down arrow, select Advanced Free-Form, and then click Add.
  4. In the Add Expression dialog box, do the following:
    1. In Expression Type, click General.
    2. In Flow Type, select REQ.
    3. In Protocol, select HTTP.
    4. In Qualifier, select Header.
    5. In Operator, select NOTEXISTS.
    6. In Header Name, type **Referer** and then click OK.
  5. Click Create and then click Close.

If users install the following versions of Receiver, you need to configure the following session profile for the Citrix Secure Access client:

  • Receiver for Windows 3.4
  • Receiver for Windows 8/RT 1.3
  • Receiver for Mac 11.7
  • Receiver for iOS 5.7
  • Receiver for Android 3.3

To configure the session profile for the Citrix Secure Access client

Note:

For deployments using classic authentication, the Linux Plugin Upgrade setting within the session profile is not supported.

  1. Go to NetScaler Gateway > Policies > Session.
  2. In the details pane, on the Profiles tab, click Add.
  3. In Name, type a name for the profile.
  4. Click the Client Experience tab and then do the following:
    1. Next to Single Sign-on to Web Applications, click Override Global and then select the check box. This setting is required to allow single sign-on for desktop versions of Receiver and uses a Citrix Secure Access client cookie.
    2. Next to Clientless Access URL Encoding, click Override Global and then select Clear. Important: Set Clientless Access to Off.
  5. Click the Published Applications tab and then configure the following settings:

    1. Next to Single Sign-on Domain, click Override Global, enter the domain name, and then click Create. For example, enter mydomain.

    2. Next to Account Services Address, click Override Global, and then enter the StoreFront URL.

      For example, enter https://<StoreFrontFQDN>.

      This setting is needed for adding accounts if both the receiver and the Citrix Secure Access client are already installed on the user device.

Creating a Session Policy and Profile for the Citrix Secure Access client
September 8, 2025
Contributed by: 
C S
September 8, 2025
Contributed by: 
C S

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.