Overview
The University of Michigan has security measures in place to ensure that whenever and wherever you access Michigan Medicine–hosted applications, such as MiChart*, you do so securely. That includes remote access (i.e., from outside the Michigan Medicine (MM) network). The Citrix Workspace application has a "clientless" version that does not require users to install a client application on a personal or public device. Instead, users access a "Virtual Places" website that is secured with Okta two-factor authentication to access hosted applications remotely.
If you have a CoreImage or CoreMac device, you can use the included Citrix Workspace client application--with or without the VPN. Logging into the services requires Okta two-factor authentication.
Note: Access to MiChart Live on a CoreMac is only available via vplaces
The requirements to remotely access Citrix will depend on the type of device you are using.
Alternatively, you can choose to use Windows Virtual Desktop to gain access to these same applications, albeit with a full "desktop" experience as opposed to just interacting with specific hosted applications.
*Note: In addition to MiChart, other MM-hosted applications that this document applies to include MedView, Metriq, CVIS, and the 3M-CAC apps.
Which Setup Are You?
This guide presents two scenarios for accessing applications from outside the Michigan Medicine network.
- Scenario 1 -- Working remotely and using a personal device or a public device such as one provided as a conference kiosk or in hotel lobby.
- Scenario 2 -- Working remotely using a corporate CoreImage or CoreMac device.
Related Information
Scenario 1
Accessing Hosted Applications from a personal or public computer
Follow the steps in this section if you are accessing Michigan Medicine's hosted applications using a personal or public device (i.e., one that is not owned and managed by Michigan Medicine). Examples are your personally owned Mac, kiosk devices available at conferences, or shared devices available from a hotel lobby. In these cases, you will access the Michigan Medicine network through a web browser.
NOTE: This scenario is also referred to as the "Clientless Access Scenario."
IMPORTANT: In a clientless setting, you will not receive client drive mappings. Therefore, for security reasons, you will not be able to save documents to local drives on the PC/device you are working on. You will also not be able to access printers with this method.
- Validate you are on a supported device.
- Windows 10+
- macOS 10.15+
- iOS (latest)
- Android (latest)
- Validate you are using an HTML 5 browser.
- Apple Safari
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
- Open https://vplaces.med.umich.edu
- Provide your uniqname and UMICH password.
- As of February 2026, only Okta Passcodes are accepted for two-factor authentication. Use either the Okta Verify mobile application or a hardware token configured with Okta to get a passcode.
As shown in the following screenshot, open the Okta Verify mobile application, click on the eye icon to reveal the 6-digit passcode, and then enter it into the Citrix login window's Okta Passcode field.
If you are using a hardware token, note the passcode and enter it into the login window's Okta Passcode field. - Click Log On.
- If you see the following page, click on Use Light Version.
Note: You must not be connected to the VPN. You will get a connection error if you are using the VPN at the same time. By policy, the VPN is not compatible with a personally owned device. Users that need internal network connectivity on a personal device are directed to use Windows Virtual Desktop (WVD). - Click a hosted application to launch it.
Scenario 2
Accessing Hosted Applications from a Michigan Medicine CoreImage Device
Michigan Medicine uses a standard "CoreImage" software configuration for its managed desktop, laptop, and tablet PC devices. A device that has the CoreImage loaded already has the software tools, security features, and device management features that Michigan Medicine users need. CoreMacs have a similar set of applications. This includes the Citrix Workspace application.
The procedure you use to open your hosted applications from a CoreImage or CoreMac device depends on whether you are connecting from within the Michigan Medicine network or connecting from a remote location (i.e., outside the Michigan Medicine network).
From within the Michigan Medicine network
You are considered within the Michigan Medicine network if any one of the following apply:
- You are physically located at a Michigan Medicine facility and hard-wired to the network.
- You are connected to the Mfleet Wi-Fi network.
- You are connected to the Michigan Medicine VPN.
If the device is within the Michigan Medicine network, you can open your hosted applications directly from the Citrix Workspace application in the start menu.
On CoreMac
1. Navigate to vplaces.med.umich.edu
2.Select Detect Citrix Workspace app
3. If prompted, select Open Citrix Workspace Launcher
4. Enter your uniqname and password, then click Log On
When remote (outside the Michigan Medicine network)
You can open your hosted applications directly from the Citrix Workspace application in the start menu, but in this scenario, you will need to complete additional login steps.
Note that if you are working remotely with your CoreImage or CoreMac device and are using the VPN, you cannot connect to the Vplaces website. Vplaces will not work when the VPN is in use. Use the Citrix Workspace application instead as shown below.
Open the Citrix Workspace application available on your device's platform (available in the CoreImage start menu; CoreMac Finder; iPhone home screen).
- Enter your uniqname.
- Enter your UMICH password.
- Enter the passcode the Passcode/Token field. You can retrieve this passcode using either your Okta Verify mobile app or your Okta-enrolled hardware token as shown in the previous section's instructions.
- If prompted, enter "umhs" as the domain.
Click Sign In (application) or Go (mobile app) to complete your login.