You can enable password caching in the Workspace ONE Access console to provide single sign on for users running Horizon, Horizon Cloud, and Citrix virtual apps from the Workspace ONE catalog. Once users’ passwords are cached, they are not required to enter their passwords again while running virtual apps in the same login session.

When the password caching option is enabled, users’ passwords are cached either when they first log in or when they first run a virtual app, based on the authentication methods configured.

  • If a user logs into Workspace ONE using password authentication, the password is cached at login.
  • If a user logs into Workspace ONE using a non-password authentication method such as certificate or third-party IDP, the user is required to enter a password the first time they launch a Horizon, Horizon Cloud, or Citrix app. The password is then cached.
    Note: Users are not prompted for passwords for Horizon or Horizon Cloud integrations that have True SSO configured.

The password caching option is introduced in the Workspace ONE Access Cloud 2006 release in June 2020. It has the following defaults.

  • The option is enabled for existing Workspace ONE Access tenants that have Horizon without True SSO, Horizon Cloud without True SSO, or Citrix integrations configured.
  • The option is disabled for all other existing tenants and for new tenants.
Important: For Horizon and Horizon Cloud integrations, setting up True SSO instead of password caching to provide a single sign on experience is recommended.


  1. In the Workspace ONE Access console, navigate to the Identity & Access Management > Setup > Preferences page.
  2. Select or deselect the Enable Password Caching option, based on your preferences.