Citrix Virtual Apps and Desktops

FIDO2 authentication

Local authorization and virtual authentication using FIDO2

Support for FIDO2 enables users to take advantage of the local endpoint FIDO2 components in a virtual machine. Users can now authenticate in their virtual session using FIDO2 security keys or integrated biometrics on devices that have TPM 2.0 and Windows Hello.

For more information about FIDO2, see FIDO2: WebAuthn & CTAP.

For information about using this feature, see FIDO2 redirection.

Requirements

Citrix requirements

  • Citrix Virtual Apps and Desktops 2009 or later
  • Citrix Workspace app 2009.1 for Windows or later

Microsoft requirements

  • Windows 10 Version 1809 (client) or later
  • Windows 2019 (Server OS)
  • Windows Hello (optional)

FIDO2 requirements

  • Windows Hello
    • TPM 2.0
    • Integrated biometrics
      • Facial recognition
      • Fingerprint scanner
    • WebAuthn
  • FIDO2-enabled Security Key

UWP support for authenticating using FIDO2

With the release of Citrix Virtual Apps and Desktops 2112, Citrix supports FIDO2 on applications that use a Microsoft UWP application to provide authentication.

Applications such as Microsoft Teams, Microsoft Outlook for Office 365 and OneDrive use a UWP application for authentication as a link to Azure Active Directory. Citrix now supports using FIDO2 to authenticate those applications.

UWP requirements

  • Citrix Virtual Apps and Desktops 2112 or later
  • Citrix Workspace app 2009.1 for Windows or later

For more information on Microsoft and FIDO2 requirements, see Requirements.

FIDO2 authentication