Jump to content
  • 0

WorkSpace App for iOS - Cant enroll with native OTP

Luca Ferraro


Dear all,


I had a running environment with ADC 13.0 Build 47.24 and Virtual Apps 7 1912 LTSR. Authentication via LDAP and Native OTP.

For the iOS devices I have the following policies in place  (like described here https://support.citrix.com/article/CTX269642 and here https://discussions.citrix.com/topic/401790-citrix-workspace-app-ios-with-netscaler-gateway-with-native-otp/). This worked until now with no problem.


Two weeks ago I updated to the newest Build ADC 13 52.24 and Virtual Apps 7 2003. Since then i cant enroll my iphone anymore and I dont know what to check anymore.

Workspace on Windows/Android works, aswell as web based access. Even on iOS it works in Safari but not in the workspace app.


Not sure if its the workspace app or the upgrade done. Workspace version is 20.4.5 on iOS 13.4.1. What I noticed is, when I start to enroll the iphone by entering the fqdn to our gatway I get to the screen where I enter username, password and domain. Below that I cant enable the switch for security token. I have to send it once without token (and get the response wrong credentials). After that I can enable Security Token and send all credentials. After that I receive "There are no apps at the moment". 


In the nsvpnlog I can see OTP verification is successful, group extraction as well and and login is finished with: send_accept: sending accept kernel for: myUsername

Also in the workspace app logs i cant see something special.


Wondering if anyone experiencing similiar problems with the newest versions?


Sorry I cant upload images from the current client, but will post more on monday.


Best regards,








Link to comment

4 answers to this question

Recommended Posts

  • 0

Good news :) Yesterday, Citrix updated the workspace app for iOS now with support for nFactor: What’s new in 20.7.0 workspace app for iOS


Configuring account and login now works in the workspace app. Not exactly sure if I can delete the rewrite policy for pwcount (because i'm on 58.32) and the iOS policy, which I had since adc 12 because the passwordfield and otp where reversed. Maybe someone can explain this.

  • Like 1
Link to comment
  • 0

As i wrote in the first post, here are the logs from:


- aaad.debug

- workspace app from iphone

- printscreen from iphone showing the securitytoken switch, which cant be enabled when first logging in.


I replaced my name with myUsernameXXX and my FQDN to my.fqdn.domain if you use the search.



I hope someone can see my problem on the first sight :)  


Bildschirmfoto 2020-05-08 um 16.15.25.png

aaadebug_11052020.log CtxLog_Workspace_2020-05-08-16-16-59+0200.zip

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...