Provision user accounts and distribution groups
Nov 13, 2014
You provision user accounts by choosing AD Organizational Units (OUs). The User Management Tool matches accounts based on email address and adds or updates employee account information in ShareFile.
When you add a distribution group and choose to create employee accounts, users accounts are linked to AD only if those users already have a ShareFile employee account. If an employee user is not in ShareFile, they do not appear in the distribution group created using the User Management Tool.
When ShareFile synchronizes with AD, ShareFile uses logon names and email addresses to validate employee accounts against AD. AD groups synced with ShareFile through the User Management Tool will sync as a distribution group in ShareFile.
ShareFile has a limit of 2000 users per distribution group.
-
Log on to the User Management Tool.
A shortcut for the tool is on the Windows Start menu. The tool is installed in C:\Program Files\ShareFile\umt.exe.
The connected subdomain appears on the Dashboard. To connect to a different subdomain, click the icon.
-
To add users from AD:
-
Click the Users tab.
Your AD Organizational Units (OUs) appear.
-
Click one or more objects and then click Add Rule.
-
In the Edit Users Rule dialog box, review and update the options as needed.
You can specify storage quotas, whether to use values from AD for ShareFile employee information, and settings for new accounts, such as a StorageZone and user permissions. For more information, click the question mark icon in the dialog box.
The settings are applied when a new account is created.
-
-
To add distribution groups from AD:
-
Click the Groups tab.
-
Click one or more groups and then click Add Rule.
The Edit Groups Rule dialog box opens.
-
To create and update new employee accounts and distribution groups, select the check boxes for Create a ShareFile distribution group… and Update the ShareFile distribution group….
If you choose to create employee accounts and a user in an AD group already has a ShareFile employee account, the account is linked to AD.
-
In the Edit Users Rule dialog box, review and update those options as needed.
-
-
To apply the added rules:
-
Click the Rules tab.
- The Rules area lists all added rules.
- The Desired Users or Desired Groups area lists the users or groups to be added by the selected rule.
- The Actions area shows the results of the applied rules.
-
To manage rules:
- To make a rule active or inactive, click a calendar icon. The calendar icon for an inactive rule is dimmed.
- To delete a rule, select it and click Delete.
- To view the user accounts or groups to be added by a rule, select the rule. The information to be added appears in the Desired Users or Desired Groups area.
-
To preview the results of all active rules, click Refresh.
The changes that will occur when the rules are run appear in the Actions area. If no changes are listed, the rules you applied did not result in new or changed user accounts or groups. Click a user to view details provided from AD.
-
To immediately apply the active rules, click Commit Now.
To ensure that ShareFile is kept up-to-date with AD changes, specify a synchronization schedule.
-
-
To schedule AD synchronization for all active rules, click Schedule and use the Save Job dialog box to create a named job and specify a synchronization schedule. You can also update a job.
Jobs are stored in %ProgramData%\Citrix\ShareFile\UserManagementTool\Jobs.
The Windows user context in effect when you create a job is also used to run the job.
Note: To specify advanced scheduling features such as triggers and conditions, specify a Schedule of Manual and then use Windows Task Scheduler.
If you will run the scheduled job as a non-administrative user, you must configure it to use the proxy settings as described in the “Configure a proxy server” section of Configure the User Management Tool.
-
To view recent activity and synchronization results, click the Dashboard tab.