Citrix Access Gateway (CAG) Configuration

Install Citrix Workspace

Before proceeding, install the Citrix Workspace app:

Connecting to the VA Network

To use Citrix Access Gateway (CAG) to access the VA network:

  1. Insert your Card Reader and PIV.

    1. You will see a series of steps to put in your PW, PIN, and PW in order to pair your card. Complete this process. When looking for passwords like Keychain, your root user PW will be enough as it has administrative privileges.

  2. Navigate to https://citrixaccess.va.gov/ and select the link to use Smartcard.

  3. Enter your PIN code when prompted.

  4. On the Citrix StoreFront page, select an appropriate CAG profile. (e.g., OITFO ATX XA Published Desktop).

You cannot generally install new software on CAG desktops, but you can download and run applications without install. By default, CAG does not permit copy-and-paste from CAG to the client, but this copy-and-paste can be requested on https://vaww.ramp.vansoc.va.gov/SelfService/Pages/RequestAccess.aspx

If you get a cert error, or your PIV card is not being read, or stops working for new sessions:

  1. Exit Browser.

  2. Open Keychain Access. Delete Identity Preferences for CAG sites.

  3. Remove smart card. Blow on it. Reinsert.

  4. Open browser, navigate to https://citrixaccess.va.gov

For troubleshooting only, do not install any middleware on macOS Catalina and higher devices: Reference https://militarycac.com/macnotes.htm Military CAC has good information for potential troubleshooting, but do not install middleware as Catalina drastically changed support for SmartCards.

If CAG Quits Working:

  1. Go to https://eauth.va.gov/accessva/

  2. Click authorized contractor

  3. Signup for an ID.me account with your VA email address.

  4. You should then be able to get to the self service IT portal.

If your CAG stops working, this will allow you to set your CAG password and get a 1 day PIV exemption through the portal.