Below is a video by Citrix showing the download and install of Citrix's Secure Hub on an Apple iPhone.
Citrix Secure Hub (formerly known as Worx Home) provides direct access to your workspace for all mobile, web, virtual Windows and SaaS apps. It provides single sign-on capabilities and the enforcement of device and app-level security policies. Hi, we have a new iPhone XR with iOS 12.2 When setting up secure hub on a device, after putting in the username and password it asks to download a configuration profile, you click allow then need to go into settings and profile to install it.
ProCirrus Instructions to install and configure MDM are listed below:NOTE: If you have any other certifications (i.e. Intune) on your phone for managing email, you will need to uninstall them first. You can see if you have them on your phone by navigating to Settings -> General and scroll down to Profiles & Device Management
Setting up the Mobile Device Management on IOS is a bit of a chore and it is comprised of four major sections. The video above will show you steps 1-2. 1-2 are all you need if you are using 'MDM Lite' which allows you to use your email app of choice. After you have setup steps 1-2, if you are using MDM Lite, you can skip step 3 and add your email to your phone's email app (Apple Mail, or Outlook for iOS)
1) Installing the Citrix Secure Hub (Shown in video above)
2) Install XenMobile Profile Service (Shown in video above)
3) Installing the Secure Hub Applications for MDM - Full
Section 1 - Installing the Citrix Secure Hub
1 - Download the Citrix Secure Hub from the Apple App Store.
2 - Open the Citrix Secure Hub App on your phone (after it installs)
3 - When prompted, click Allow for notifications
4 - On the next screen enter mdm.procirrus.com and click next.
5 - Enter your email credentials and click next.
6 - A Message will pop asking if you want to enroll. Select Yes, Enroll
7 - The next page will show Device Management Information. Click 'Next' twice on the two prompts.
Section 2 - Installing the XenMobile CA Cert
1 - After clicking next on the previous prompts, this screen will appear. It will pop up and ask to download a configuration file. Click 'Allow'
After the profile is downloaded, click 'Close'
2 - After clicking close, swipe up from the bottom to go back to your home screen. On an older iPhone, click the home button to return to your home screen.
On your phone, navigate to Settings -> General and scroll down and click on 'Profile'.
3 - Click the XenMobile Profile Service, and click 'Install' up at the top right:
4 - After clicking 'Install', it will prompt you for your iPhone's passcode. This is not your ProZone password managed by ProCirrus, this is your Apple passcode that you use when you install apps on your phone
Enter your phone's passcode:
5 - You will receive a Warning stating that the service cannot be verified. This is normal and expected, click 'Install' up at the top right, and then click 'Install' down at the bottom, and Install
6 - You will receive another warning. This is normal and expected. Click 'Install' up at the top right again, and then click 'Trust':
7 - Click 'Done'. Don't worry about the Not Verified message.
NOTE: If you are using MDM Lite - You are done. You can now go back to the mail App of your choice and add your email account. You can use the Mail App, or you can download the Microsoft Outlook app for iOS, both work.
Here is a link to a guide to add your email to an iPhone: Add Email to iPhone
If you are using MDM 'Full' and need to install the Citrix Secure Mail app into the Secure Hub, continue with the steps below.
----------------------------------------------------------------------------------------------------------------------------------------------------------
Section 3 - Installing the Secure Hub Applications for MDM - Full.
The Secure Hub has several applications to choose from. At a minimum you will want to install Secure Mail so you can access your company email.
1. Switch back to or launch the Secure Hub application. When you launch it, it will load for a few seconds, and then prompt you to create a Citrix Pin. This will be your Pin to login to the Secure Mail App.
Create your Secure Hub Pin. It will have you put the Pin in, and then it will ask you to put it in again to confirm it.
NOTE: From time to time you will be prompted to use this pin. Don't forget it. For the most part you can access your mail by the phones security like thumbprint or facial recognition.
2 - You may be prompted for your location services options. This is up to you if you want to enable this or not. In the event someone steals your phone or you misplace it somewhere, we can help you locate it.
3 - From the Secure Hub, select Secure Mail. Click Install. It will prompt you to install both the Secure Mail and Secure Web apps. Click Install twice to install them both.
4 - It might take a few minutes for the installs to finish.You can go back to your home screen and monitor the progress of this by looking at the icons as they install. After they have finished, Launch Secure Mail, you will get a prompt to authorize the app. Select 'Authorize':
5 - When you select Authorize, it will redirect you to a Microsoft login prompt. Login with your ProZone credentials:
6- You will be asked if you want Secure Mail to send you notifications. This is up to you, if you allow this you will get notifications of new emails. If you do not, you would need to launch the app periodically to see if you have new emails.
7- You are done Installing and setting up the apps. You can watch or skip the Demo of the features.
You should be all set!
OR
Citrix Secure Hub Macos
Combine NetScaler session policies and profiles into a single NetScaler Gateway virtual server:
Combine NetScaler session policies and profiles into a single NetScaler Gateway virtual server so that the same external URL is used for the Secure Hub app and Citrix Receiver for Windows or Mac clients.
Instructions
Configuration on NetScaler
Create the clientless access policies required:
- Create the clientless access policy and profile for Citrix Receiver and Secure Hub. For more information refer to Citrix Documentation - Configuring Custom Clientless Access Policies for Receiver.
- Create the clientless access policy and profile for Receiver for Web. For more information, refer to Citrix Documentation - Configuring Custom Clientless Access Policies for Receiver for Web.
Create the session policy/profile for Secure Hub on iOS and Android.
Session Policy
Session Profile
Network Configuration Tab
Client Experience Tab
Security Tab
Published Applications Tab
Note: The URL entered in the Account Services Address field in the Published Applications tab must match the App Controller’s configured Host name available in the App Controller’s Control Point > Settings > Network Connectivity section.
Create the session policy/profile for Citrix Receiver for Windows/Mac.
Session Policy
Session Profile
Network Configuration Tab
Client Experience Tab
Security Tab
Published Applications Tab
Note: The Web Interface Address and Account Services Address in the Published Applications tab must match the StoreFront Base URL which can be found on the StoreFront server’s management console. Ensure that a forward slash “/” is not added at the end of the URL.
Create the session policy/profile for web browsers.
Session Policy
Session Profile
Network Configuration Tab
Client Experience Tab
Security Tab
Published Applications Tab
Note: Use the Receiver for Web URL on the StoreFront Management console for the Web Interface Address field in the Published Applications tab and for the Home Page field, under the Client Experience tab.
Select one of the following options (explained in the Background section of this article). With either option, the clientless access policies created in Step 1 must be bound to all NetScaler Gateway virtual servers.
Citrix Secure Hub For Mac
Option 1: Create two NetScaler Gateway virtual servers in Smart Access mode and bind the following session policies with their associated profiles:
Virtual Server 1 for Secure Hub
- Bind the clientless access policy created for Secure Hub in Step 1.
- Bind the Secure Hub session policy created in Step 2.
Virtual Server 2 for Citrix Receiver and Web Browser
- Bind both clientless access policies created in Step 1 – the Receiver clientless access policy must have a higher priority than the web browser clientless access policy .
- Bind the Citrix Receiver session policy created in Step 3.
- Bind the web browser session policy created in Step 4.
OR
Option 2: Bind all the session policies created to a single NetScaler Gateway virtual server in Smart Access mode.
Virtual Server for Secure Hub, Citrix Receiver, and Web Browser
- Bind both clientless access policies created in Step 1.
- Bind the Secure Hub session policy from Step 2 – this must have the highest priority.
- Bind the Citrix Receiver session policy from Step 3 – this must have the second highest priority.
- Bind the web browser session policy from Step 4 – this must have the third highest priority.
Clientless Access Policies
Note:The clientless access policy for Citrix Receiver/Secure Hub must have a higher priority. These clientless policies must be bound directly to the NetScaler Gateway virtual servers.
Configuration on StoreFront
Enable access to Web/SaaS apps to Citrix Receiver or Receiver for Web by adding App Controller as a Delivery Controller on StoreFront. For more information, refer to Citrix Documentation - To manage the resources made available in stores.
Note:Use the host name of the App Controller in the Server field when configuring the StoreFront Delivery Controller. The StoreFront server must trust the issuer of the App Controller’s server certificate (Root and/or Intermediate certificates) because the protocol used by StoreFront to communicate to the App Controller is HTTPS.Establish the trust between StoreFront and App Controller. For more information, refer to Citrix Documentation - To configure App Controller to connect to StoreFront.
Note: Set the StoreFront as an auth server option to OFF. Set the Use the StoreFront Base URL on the Web Address field. At this point, you can access Web/SaaS apps through StoreFront, without the NetScaler Gateway. Test this before proceeding to integrate the NetScaler Gateway.Enable Pass-through from NetScaler Gateway on StoreFront. For more information, refer to Citrix Documentation - Configure the authentication service.
Note:StoreFront must trust the issuer of the NetScaler Gateway virtual server’s bound certificate (Root and/or Intermediate certificates) for the Authentication Callback service.Add NetScaler Gateway to StoreFront. For more information, refer to Citrix Documentation - To add a NetScaler Gateway connection.
Note: The Gateway URL must match exactly what the users are typing into the web browser address bar.Enable remote access on the StoreFront store. For more information, refer to Citrix Documentation - To manage remote access to stores through NetScaler Gateway.
Configuration on App Controller
Enable access to Windows based apps for Secure Hub on the App Controller. For more information, refer to Citrix Documentation - Enabling Access to Windows-Based Apps from Secure Hub or Receiver.
Configure the trust settings for NetScaler Gateway on App Controller. For more information, refer to Citrix Documentation - Configuring Applications and Trust Settings for NetScaler Gateway.
Note: The NetScaler Gateway URL must match exactly what the users are typing into the web browser address bar.
Additional Configuration Steps
To use MicroVPN with MDX wrapped apps, refer to CTX136914 - FAQ: Secure Hub for Mobile Devices and MicroVPN Technology for the list of requirements.
On the NetScaler, the App Controller host name and StoreFront Base URL must be included in the Allow Domains list found in NetScaler Gateway > Global Settings > Configure Domains for Clientless Access. For more information, refer to Citrix Documentation - Configuring Domains for Clientless Access for Access Gateway and StoreFront.
A DNS server must be configured on the NetScaler that can resolve the App Controller and StoreFront FQDNs to their respective IP address.
On the NetScaler, if Citrix Secure Mail is being deployed from the App Controller, add the App Controller as an STA. For more information, refer Citrix Blog - Improving Battery Life with Secure Mail – STA to the Rescue! and Citrix Documentation - Configuring App Controller to Provide STA Tickets for Secure Mail.
(Optional) If you plan to deploy internal websites through the App Controller, ensure to add the following VPN Session policy and profile for Windows/Mac Receiver clients. This will only apply for Citrix Receiver, mobile devices will use MicroVPN.
Session Policy
Session Profile
Network Configuration Tab
Client Experience Tab
Security Tab
Published Applications Tab
Note:The Home Page field in the Client Experience tab must have the full path to the Receiver for website on StoreFront.
Additional Resources
Citrix Secure Hub For Mac Free
For assistance with the initial configuration of NetScaler, including licensing, SSL certificates, authentication, and an overview of how the component works, see NetScaler for the XenDesktopXenApp Dummy. Though this blog refers to an older version of the NetScaler, all of the basic concepts still apply to version 10.1.
Citrix Secure Hub For Mac Windows 10
Refer to the following links for configuration utility changes in NetScaler 10.1 and NetScaler 10.5:
Citrix Secure Hub For Mac Reviews
Citrix Documentation - NetScaler 10.1 Configuration Utility Changes
Citrix Documentation - NetScaler 10.5 Configuration Utility Changes