
Editing the Provisioning Template

May 09, 2015

Use a text editor or XML file editor to edit the generated template. The provisioning template uses Service Provisioning Markup Language (SPML), an XML-based standard for data interchange. As with XML, ensure that each SPML tag or element (for example, the <add> tag) is well-formed and conforms to XML syntax rules. For example, when removing comment characters such as !-- and --, ensure that you remove any extraneous angle bracket characters (< or >) or errors might result during processing of the provisioning template. For detailed information about XML, see the W3C Web site at http://www.w3.org/. Ensure that you remove comment characters (!-- and --) where applicable.

Example Output

The generated template includes the following:

  • <user> information about the user who generated the template
  • <add> command for the application name in the user configuration
  • <modify> command with the application definition name

Near the bottom of the XML file is the specific information about the selected user configuration that you can copy and use in your template. For example:

 
<user fqdn="DOMAIN\Fred-Admin">
<!--Application Group: PNA--> 
<!--Application Definition: Citrix GoToMeeting--> 
 
<!--<add> 
	<application name="Citrix GoToMeeting">0998ac2c-baa5-4103-809a-b2daeea047f3</application>
	<name>Citrix GoToMeeting</name> 
	<description>Citrix GoToMeeting Login</description> 
	<hidden-description>Citrix GoToMeeting hidden Description</hidden-description> 
	<userID>userId</userID> 
	<password>password</password> 
</add>--> 
 
<!--<modify> 
	<credential-id>00000000-0000-0000-0000-000000000000</credential-id> 
	<name>Citrix GoToMeeting</name> 
	<description>Citrix GoToMeeting Login</description> 
	<hidden-description>Citrix GoToMeeting hidden Description</hidden-description> 
	<userID>userId</userID> 
	<password>password</password> 
</modify>--> 
 
</user> 

For example, you can copy the user information between the <user> and </user> tags, uncomment it, and edit it for each user whose credentials you wish to add.

Note: In the example above, <user fqdn="DOMAIN\Fred-Admin"> is the domain and user name of the user who generated the template. You can comment out this information or delete it if you do not want to store it in the template.

The cpm-provision Tag

Note that you must include your desired tags and commands within the <cpm-provision> provisioning tag (located around line 70 in the generated XML file):

<cpm-provision version="1.0" xmlns="http://citrix.com/Provision/Import">

insert <user> tag and commands here

</cpm-provision>

The user Tag

Use the <user> tag to add domain and user name information for each user whose application credentials you wish to provision. You must provide one <user> tag for each user to be provisioned. Each <user> tag will also contain the commands to execute on this user account.

The syntax for this command is as follows.

 
<user fqdn="yourDomain\userid">
	<command> 
</user> 

where:

yourDomain Indicates the domain name of the user to be added
userid Indicates the username of the user to be added
command Indicates one or more commands that you can execute on this user:
  • <add>
  • <modify>
  • <delete>
  • <remove>
  • <reset>
  • <list-credentials>

The add Command

The <add> command enables you to add a user name and password required for the applications included in the user configuration.

The syntax for this command is as follows.

 
<add> 
	<application name="%APPNAME%">%APPGUID%</application>
	<name>%CREDENTIALNAME%</name>
	<description>longDescription</description>
	<hidden-description>%APPNAME% hidden description</hidden-description>
	<userID>userid</userID>
	<password>password</password>
	<custom-field index="1" label="%LABELTEXT%">custom-field1</custom-field>
	<custom-field index="2" label="%LABELTEXT%">custom-field2</custom-field>
</add> 

where:

<application>

Required. The <application> element and its attributes are typically generated automatically when you generate a template.

The name= attribute is optional.
  • %APPNAME% is the name of the application definition in the selected user configuration.
  • %APPGUID% is the GUID of the application and must match
<name>

Required. The <name> element and its attributes are typically generated automatically.

  • %CREDENTIALNAME% is the name of the application in the application definition.
<description> Optional. Type text that describes the user configuration.
<hidden-description> Optional. Type any text here.
<userID> Required. userid is the user name of the user to be added.
<password> Required. password is the password for the user to be added.
<custom-field> Required if another field is required for authentication (for example, for a field where the user must enter the domain). Use as many custom fields as required by the application.

The modify Command

The <modify> command enables you to modify a user name and password required for the applications included in the user configuration.

Important: This command requires the user’s credentials. You can retrieve user credentials by using the <list-credentials> command before using the <modify> command.
Include only those elements you want to modify:
  • To leave a value unchanged, delete the line. For example, delete the <name> element to leave the application name as is.
  • To change a value, specify the value in the template. For example, include the <name> element to specify a new application name.
  • A value is cleared by including the element without a value. For example, use <description></description> to delete the current description.

The syntax for this command is as follows.

 
<modify> 
	<credential-id>%CREDENTIAL-ID%</credential-id> 
	<name>%CREDENTIALNAME%</name> 
	<description>longDescription</description> 
	<hidden-description>%APPNAME% hidden description</hidden-description> 
	<userID>userid</userID> 
	<password>password</password> 
	<custom-field index="1" label="%LABELTEXT%">custom-field1</custom-field>
	<custom-field index="2" label="%LABELTEXT%">custom-field2</custom-field>
</modify> 

where:

<credential-id> Required. The credential GUID value %CREDENTIAL-ID% of the user must match the value returned by a <list-credentials> command.
<name>
Optional. The <name> element and its attributes are typically generated automatically.
  • %CREDENTIALNAME% is the name of the application in the application definition.
<description> Optional. Type text that describes the user configuration.
<hidden-description> Optional. Type any text here.
<userID> Required. userid is the user name of the user to be modified.
<password> Required. password is the password for the user to be modified.
<custom-field> Required if another field is required for authentication (for example, for a field where the user must enter the domain). Use as many custom fields as required by the application.

The delete Command

The <delete> command enables you to delete a user’s credentials for a specific SSO-enabled application.

Important: This command requires the user’s credentials. You can retrieve user credentials by using the <list-credentials> command before using the <delete> command.

The syntax for this command is as follows.

 
<user fqdn="yourDomain\userid">
	<delete> 
		<credential-id>%CREDENTIAL-ID%</credential-id> 
	</delete> 
</user> 

where:

yourDomain Indicates the domain name of the user.
userid Indicates the user name of the user.
<credential-id> Required. The credential GUID value %CREDENTIAL-ID% of the user must match the value returned by a <list-credentials> command.

The remove Command

The <remove> command enables you to remove user data and information from the central store. Use this command when a user leaves your enterprise permanently. The local credential store on the user device remains intact until it is explicitly deleted by an administrator or operator.

The syntax for this command is as follows.

 
<user fqdn="yourDomain\userid">
	<remove /> 
</user> 

where:

yourDomain Indicates the domain name of the user.
userid Indicates the user name of the user.
Note: This command is similar to the Single Sign-on Delete user data from central store task carried out from the Citrix AppCenter.

The reset Command

The <reset> command enables you to reset user information in your central store, which results in the selected user being returned to an initial state. In the case of non-Active Directory central stores, the user folders are retained, but all user data (such as credentials, enrollment questions and answers) is deleted. In Active Directory central stores, the user data is deleted and the user is flagged as having had data reset.

The syntax for this command is as follows.

 
<user fqdn="yourDomain\userid">
	<reset /> 
</user> 

where:

yourDomain Indicates the domain name of the user.
userid Indicates the user name of the user.
Note: This command is similar to the Single Sign-on Reset user data task carried out from the Citrix AppCenter.

The list-credentials Command

The <list-credentials> command enables you to retrieve a specific user’s credentials for each application in the associated user configuration. The <modify> and <delete> commands require that you use the retrieved credential GUID as the value for the %CREDENTIAL-ID% parameter.

The identification number that this command retrieves is a credential GUID; for example, 634EE015-10C2-4ed2-80F5-75CCA9AA5C11.

The syntax for this command is as follows.

 
<user fqdn="yourDomain\userid">
	<list-credentials /> 
</user> 

where:

yourDomain Indicates the domain name of the user.
userid Indicates the user name of the user.
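
A pre-flight check for an edited template, as an added example that is not part of the Citrix documentation or product: it confirms the file is well-formed, that the root is <cpm-provision>, that each <add> carries the elements marked Required above, and that each <modify> or <delete> carries a credential GUID. The function name lint_template, the sample user EXAMPLE\jdoe, and the treatment of the all-zero GUID from the generated template as an unfilled placeholder are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://citrix.com/Provision/Import}"  # namespace from the <cpm-provision> tag
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
NIL_GUID = "00000000-0000-0000-0000-000000000000"  # assumed placeholder, see lead-in
COMMANDS = {"add", "modify", "delete", "remove", "reset", "list-credentials"}

def lint_template(xml_text):
    """Return a list of problems in a provisioning template; empty means none found."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a stray < left after uncommenting, curly quotes
        return [f"not well-formed: {exc}"]
    if root.tag != NS + "cpm-provision":
        return ["root must be <cpm-provision> in the Provision/Import namespace"]
    problems = []
    for user in root.findall(NS + "user"):
        fqdn = user.get("fqdn", "")
        if not re.fullmatch(r"[^\\]+\\[^\\]+", fqdn):
            problems.append(f"fqdn {fqdn!r} is not yourDomain\\userid")
        for cmd in user:  # the parser drops XML comments, so only live commands remain
            tag = cmd.tag.replace(NS, "")
            if tag not in COMMANDS:
                problems.append(f"{fqdn}: unknown command <{tag}>")
            elif tag == "add":
                for req in ("application", "name", "userID", "password"):
                    if not (cmd.findtext(NS + req) or "").strip():
                        problems.append(f"{fqdn}: <add> is missing <{req}>")
            elif tag in ("modify", "delete"):
                cid = (cmd.findtext(NS + "credential-id") or "").strip()
                if not GUID.fullmatch(cid) or cid == NIL_GUID:
                    problems.append(f"{fqdn}: <{tag}> needs a credential-id from <list-credentials>")
    return problems

# Constructed sample: a valid <add>, then a <modify> still carrying the all-zero GUID.
SAMPLE = """<cpm-provision version="1.0" xmlns="http://citrix.com/Provision/Import">
  <user fqdn="EXAMPLE\\jdoe">
    <add>
      <application name="Citrix GoToMeeting">0998ac2c-baa5-4103-809a-b2daeea047f3</application>
      <name>Citrix GoToMeeting</name>
      <userID>jdoe</userID><password>constructed-placeholder</password>
    </add>
    <modify><credential-id>00000000-0000-0000-0000-000000000000</credential-id></modify>
  </user>
</cpm-provision>"""

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```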