The User Management Tool stores account provisioning rules with your account information in the ShareFile cloud. You can install the tool on any machine and access your rules by logging in to your ShareFile account.
The ShareFile account information needed to log on to the User Management Tool are saved on your local machine in the configuration file for each job and secured with DPAPI encryption. When you open the User Management Tool, your ShareFile account URL and user name are pre-filled and you must enter your password.
Verify that your environment meets the system requirements before installing the tool.
If you encounter an error referencing “Try enabling AD Diagnostic Logging” or “Try running UMT elevated”, you should:
- Run the UMT tool as an Administrator by right-clicking the UMT Program Icon and selecting Run As…Administrator, or editing the shortcut properties to always Run as Admin within the Advanced Tab.
- When working with scheduled tasks - select “Run with highest privileges” when creating a Task.
In AD, create a test group containing a few users that already have ShareFile employee accounts. If that is not possible, identify an AD Organizational Unit (OU) that you can use for testing.
From the ShareFile download page at MyCitrix.com, download the User Management Tool installer to a server that is in the AD domain.
If you do not plan to schedule synchronization, you can install the tool on a workstation instead.
Run the installer, following the prompts to complete the installation.
A shortcut for the tool is placed on the Start menu and your desktop.
Start the User Management Tool. The User Management Tool log on page appears.
Enter the ShareFile account information and then click Log on.
Account URL is your ShareFile account URL, in the form
https://mysubdomain.sharefile.com or, in Europe,
Specify an email address that is associated with an administrative or service user on the ShareFile account.
The User Management Tool window appears.
Connect to the AD domain to be used to create users and distribution groups in ShareFile.
Specify an AD user account that has full read permission on the AD domain.
If you need to configure a proxy server, click the icon and then click Configure Proxy.
- For best performance, install .NET Framework on a domain-joined machine or VM.
IMPORTANT: Users on the following machines must manually enable .NET 3.5 in order to run the ShareFileProxyConfig.exe file.
- Windows Server 2012R2
- Windows 8 or later
Information on manually enabling .NET 3.5 can be found within the following Microsoft article: https://msdn.microsoft.com/en-us/library/windows/desktop/hh848079%28v=vs.85%29.aspx
Based on the test group or OU that you identified in step 1, click either the Groups tab or the Users tab, click the test group or OU, and then click Add Rule.
Click the Rules tab and then click Refresh. The changes that will occur when the rules are run appear in the Actions area. If no changes are listed, the rules you applied did not result in new or changed user accounts or groups.
Schedule the AD synchronization: Click Schedule and then use the Save Job dialog box to create a named job and specify a synchronization schedule.
After the scheduled synchronization, log on to the ShareFile interface and verify that the accounts are created.
If you clicked the Groups tab: In the Edit Groups Rule dialog box, select the check boxes for Create a ShareFile distribution group… and Update the ShareFile distribution group… to create and update new employee accounts and distribution groups. If the AD group includes users that do not have ShareFile accounts, you have the option to create the employee accounts too. Review and update the user options that appear, as needed. The options apply to each user created.
If you clicked the Users tab: In the Edit Users Rule dialog box, review and update the options as needed. The options apply to each user created.
The Windows user context in effect when you create a job is also used to run the job.
To create a job that uses advanced configuration such as triggers, actions, or conditions, specify a Schedule of Manual and then use the Windows Task Scheduler.