Chapter 119
Configuring user provisioning for Citrix ShareFile
This section includes the following topics:
"Introduction and overview of Citrix ShareFile provisioning" on page 119-37
"Preparing your Citrix ShareFile account for provisioning" on page 119-37
"Configuring Citrix ShareFile in Cloud Manager for automatic provisioning" on page 119-38
"Provisioning users for Citrix ShareFile based on roles" on page 119-39
Introduction and overview of Citrix ShareFile provisioning
For Citrix ShareFile, the overall workflow of configuring provisioning is as follows.
Configuring Citrix ShareFile for automatic user provisioning (an overview):
1 You prepare your Citrix ShareFile demo account for provisioning:
2 In Cloud Manager, you configure the Citrix ShareFile application for automatic user provisioning:
   a In the Citrix ShareFile application in Cloud Manager, you enable provisioning.
   b You add the Citrix ShareFile administrator and other credentials.
   c You add the role mappings and specify how to handle updates to existing Citrix ShareFile user accounts.
3 Make sure that provisioning is working as desired.
   Run preview synchronizations in Cloud Manager, review the synchronization reports, and review the list of users in Citrix ShareFile. Make changes as needed to get the desired provisioning results.
Preparing your Citrix ShareFile account for provisioning
You need to request an API key from http://api.sharefile.com/rest. After a few days, Citrix ShareFile support provides you with the OAuth key information. The OAuth key includes a client ID and a client secret. You’ll use these to configure provisioning.
Understanding how the cloud service provisions Citrix ShareFile users
The cloud service maps users to permission groups, instead of roles. When you assign role mappings, you can assign anywhere from no permission groups up to the three provided permission groups.
In Citrix ShareFile, these permission groups correspond to the following three permissions:
Configuring Citrix ShareFile in Cloud Manager for automatic provisioning
To configure Citrix ShareFile in Cloud Manager for automatic provisioning:
1 In Cloud Manager, add, configure, and deploy the Citrix ShareFile SAML application. For details, see Configuring Citrix ShareFile.
2 Click the Provisioning tab.
   Tip: Configure the rest of the application before enabling provisioning to simplify any necessary troubleshooting. Although SSO configuration isn’t required for provisioning to work, you do need to configure SSO so that provisioned users can access the application.
3 On the application’s Provisioning tab, select Enable provisioning for this application.
4 Select either Preview Mode or Live Mode.
   Preview Mode: Use Preview Mode when you’re initially testing the application provisioning or making configuration changes. The cloud service does a test run to show you what changes it would make but the changes aren’t saved.
   Live Mode: Use Live mode when you want to use application provisioning in your production system. The cloud service does the provisioning run and saves the changes to both the cloud service and the application’s account information.
Role mapping permission group    Citrix ShareFile permissions
CanCreateFolders                 Create root-level folders
CanSelectFolderZone              Select storage zone for root-level folders
CanUseFileBox                    Use personal File Box
CanManageUsers                   Manage client users
AdminSharedAddressBook           Edit the shared address book
CanChangePassword                Change their own password
CanManageMySettings              View the “My Settings” link in the top
Cloud Manager user’s guide
5 Enter the following information for the main provisioning details:
6 Click Verify to have the cloud service verify the connection and save the provisioning details.
Next, you’re ready to configure Citrix ShareFile provisioning based on roles.
Provisioning users for Citrix ShareFile based on roles
Here you specify a Cloud Manager role and specify that users in that role will be matched to existing or new accounts in Citrix ShareFile with the roles that you specify.
When you change any role mappings, the cloud service synchronizes any user account or role mapping changes immediately.
Notes
How the cloud service determines duplicate user accounts:
If the user accounts in the cloud service and the target application match for the fields that make a Citrix ShareFile user unique, then the cloud service handles the user account updates according to your instructions. In many applications, the user’s email address or Active Directory userPrincipalName is the primary field used to identify a user—and in many cases, the userPrincipalName is the email address. You can look at the application’s provisioning script to see the fields that the cloud service uses to match user accounts.
To automatically provision users with Citrix ShareFile accounts:
1 First, make sure that you’ve entered and verified the provisioning credentials.
2 You specify which users have access to the application with the roles you add in the application’s User Access tab. You specify what kind of access users have in the target application by assigning roles in the Provisioning > Role Mappings area.
3 In the Provisioning page, go to the Role Mappings section.
Field             Description
Account Name      Enter your Citrix ShareFile account name. For example, if your Citrix ShareFile domain is something like https://acme.sharefile.com, then your account name is acme.
Admin Email       Enter your Citrix ShareFile Administrator user name. This user can either be a member of the Administrator role in Citrix ShareFile, or have the required permissions.
Admin Password    Enter the password for the Citrix ShareFile administrator.
Client ID         Enter the Client ID that you received from Citrix ShareFile support, based on your OAuth key request.
Client Secret     Enter the Client Secret that you received from Citrix ShareFile
4 Specify how the cloud service handles situations when the cloud service determines that the user already has an account in the target application; select either Overwrite or Keep.
   Overwrite: Select Overwrite to update and overwrite the target application user account information with the cloud user account information.
   Note: If the target user account has a value for a user attribute that doesn’t exist in the cloud user account, then the cloud service leaves that target user account attribute value intact.
   Keep: Select Keep to keep the target user account as it is; the cloud service skips and doesn’t update the duplicate user account in the application.
   Retain: If you select Keep, you can also select Retain to keep the existing target application user account active when changes in roles or role mappings result in the user no longer being assigned and provisioned to the application. To deprovision users when the user is no longer assigned and provisioned to the application, do not select this option.
5 To add role mappings and specify which users get provisioned to this application, click Add.
   The Role Mapping dialog box opens.
6 To map user accounts in Cloud Manager to Citrix ShareFile user accounts, select a Role (the ones in Cloud Manager) and a Destination group (the ones in Citrix ShareFile). For Citrix ShareFile, the Destination group is a set of permissions that the cloud service sets for the provisioned users. You can assign a role to any, all, or none of the destination groups.
   Tip: For best results, assign roles where users are only in one role.
   Note: For Citrix ShareFile user provisioning, the cloud service maps user accounts to sets of permissions that match those set in the default permission profiles. Those sets have the same names as the default permission profiles.
7 Click Done to save the role mapping and return to the Provisioning page.
8 Continue adding role mappings, as desired.
To change a mapping, select the role mapping and click Modify. To remove a mapping, select the role mapping and click Delete.
To change the order of the role mappings, select the role mapping that you want to move higher in the list and click Move Up.
Tip: Provisioning assigns users access and assignments based on the top-most role mapping. The order in which the roles display in the Role Mappings section matters. The role at the top of the list has priority when provisioning users. For instance, if a user is in multiple roles that you’ve mapped for provisioning, the cloud service provisions the user based on the role nearer the top of the list.
For best results, assign roles where users are only in one role. If users are in multiple roles, rearrange the order of role mappings as desired.
For more details, see Setting up provisioning.
Note: The provisioning script is intended for advanced users who are familiar with editing server-side JavaScript code.
9 When you’re done, click Save to save the provisioning details.
Anytime that you make changes to the provisioning role mapping, the cloud service runs a synchronization automatically. You can also run a preview synchronization or a real synchronization, if desired.
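The role-mapping order, Overwrite/Keep and Retain rules from the procedure above, modeled as an added JavaScript example. This is not the cloud service's provisioning script: the function planSync, the role and group names, the case-insensitive email matching and the sample accounts are all assumptions made for illustration.

```javascript
// Model of the rules above; NOT the cloud service's provisioning script.
// Assumption: accounts are matched on email, case-insensitively.

// Ordered role mappings, top of the list first (role and group names constructed).
const roleMappings = [
  { role: 'sf-admins', groups: ['group-a', 'group-b', 'group-c'] },
  { role: 'sf-staff',  groups: ['group-a'] },
  { role: 'sf-guests', groups: [] },              // a role may map to no groups
];

// Returns one planned action per cloud user; nothing is written anywhere.
function planSync(cloudUsers, targetAccounts, mappings, opts) {
  const byEmail = new Map(targetAccounts.map(a => [a.email.toLowerCase(), a]));
  return cloudUsers.map(user => {
    const email = user.email.toLowerCase();
    const existing = byEmail.get(email);
    const matches = mappings.filter(m => user.roles.includes(m.role));
    const entry = { email, ambiguous: matches.length > 1 };
    if (matches.length === 0) {
      // No longer assigned: Retain (only offered with Keep) leaves the account active.
      if (!existing) return { ...entry, action: 'none' };
      const retain = opts.onDuplicate === 'keep' && opts.retain;
      return { ...entry, action: retain ? 'retain' : 'deprovision' };
    }
    const groups = matches[0].groups;             // top-most mapping wins
    if (!existing) return { ...entry, action: 'create', groups };
    if (opts.onDuplicate === 'keep') return { ...entry, action: 'skip' };
    // Overwrite: cloud values replace target values; attributes that exist
    // only on the target account are left intact.
    return { ...entry, action: 'update', groups,
             attributes: { ...existing.attributes, ...user.attributes } };
  });
}

// Constructed sample data.
const cloudUsers = [
  { email: 'ana@example.com', roles: ['sf-staff', 'sf-admins'], attributes: { company: 'Acme' } },
  { email: 'bo@example.com',  roles: ['sf-staff'], attributes: { company: 'Acme' } },
  { email: 'cy@example.com',  roles: [], attributes: {} },
];
const targetAccounts = [
  { email: 'Bo@example.com', attributes: { company: 'Old', phone: '555-0100' } },
  { email: 'cy@example.com', attributes: {} },
];

const overwritePlan = planSync(cloudUsers, targetAccounts, roleMappings, { onDuplicate: 'overwrite' });
const keepRetainPlan = planSync(cloudUsers, targetAccounts, roleMappings, { onDuplicate: 'keep', retain: true });
console.log(JSON.stringify(overwritePlan, null, 2));
```

The ambiguous flag marks users who fall under more than one mapping, the case the Tip about single-role assignment addresses. Reviewing those entries and every deprovision action in a plan like this mirrors what a Preview Mode run is for before switching to Live Mode.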