The User Management Tool (UMT) allows you to connect into a selected domain, but for best speed and results the tool must be installed on a domain joined server. Install this tool on a server or box that is rarely taken offline.

The Windows scheduler integration allows the User Management Tool rules to be run recurrently, keeping ShareFile up-to-date with changes in Active Directory (AD). These tasks cannot run if the machine is offline or shut down. Tasks are run using the Windows user context that created the scheduled task and require the correct permissions to complete.

Also, an administrator or service account in ShareFile can be used with the UMT and all user and group creation is logged in ShareFile as an action of the administrator or service account user. If segregating the logging of user creation by the UMT for tracking purposes is needed, it is recommended to create a service account to use with this tool. Using a service account allows for detailed reporting on the users and groups creating on the account’s name.

First steps

Once the requirements are in place and all appropriate user accounts have been acquired, you can install the application.

Before installation, make sure that any prior UMT instance has been uninstalled and the Scheduled Tasks have been disabled or deleted. This is important because the UMT rules on a Policy Based Administration account are different, and you cannot upgrade an old UMT rule to a new PBA rule.

  1. Choose whether you need a x86 version or x64 version of the ShareFile User Management Tool with Policy Based Administration and down the latest version below:

  2. Follow the prompts to complete the installation. A shortcut for the tool is placed on the Start menu and on your desktop.

  3. Start the User Management Tool. The User Management Tool sign in page appears.

  4. Enter the account information and then select Log on.

The account URL is your ShareFile/Citrix Content Collaboration account URL, in the form or, in Europe,

First-time setup

Upon first starting the tool, you are brought to a sign in page. Fill in which account you want to connect to in addition to the ShareFile administrative or service account credentials listed in the requirements to run the application. This tool is run by an administrator and therefore does not support SAML authentication even if it is configured on the connected account.

If your ShareFile account requires ShareFile Two-Factor Authentication when logging in with ShareFile credentials, you will need to set up an application specific password for the user. For more information about setting up this application specific password within your ShareFile account see, Create an application specific password.

After signing into the correct ShareFile account with administrative credentials, you proceed to a domain sign in. Here you enter the domain and the credentials of a user with full read permissions to allow the UMT to read necessary properties from AD. If you are running this tool on a domain joined machine and signed in with a user account with the necessary permissions, you can leave the form blank and select Connect to use the local domain and user.

For best load times and speed, it is recommended to run this tool on a domain joined machine. Once authenticated, you can choose to always use this domain in the future. Also, the tool must be kept open only when updating and managing rules. The log in token will expire if the tool is kept open and cause error messages upon next load.

Proxy setup

If you need to configure a proxy server, select the Settings icon and then select Configure Proxy.

If you are unable to sign in to configure these settings, you can open this page manually by navigating to Program Files\>Citrix\>ShareFile\>User Management Tool and opening ShareFileProxyConfig.exe.


Once logged in, you can navigate to the Dashboard page. This page displays quick links to see your existing rules, to create user or group rules. Midway on the dashboard, a description displays of which ShareFile account and user in addition to the domain and user you are logged in as for this session. Finally, a history section, which shows status updates and logs for recently run rules and tasks displays.

Rule creation

Information on rule creation and scheduling can be found under provision accounts and distribution groups.