Product Documentation

To enable auto-discovery for user enrollment

Apr 15, 2015

Auto-discovery simplifies the enrollment process for users by enabling them to enroll their devices using their corporate network user names and passwords rather than requiring them to enter details about the Device Manager server. User names must be entered in user principal name (UPN) format; for example, user@mycompany.com.

Auto-discovery requires that you send the Citrix Technical Support team specific deployment information and, in the case of Windows devices, an SSL certificate. After Citrix receives this information, when users enroll their devices, the domain information is extracted and mapped to a server address so that the user has only to enter their Microsoft Active Directory password to enroll. This information is maintained in the Citrix XenMobile database so that it is always accessible and available when users enroll.

  1. Open a Technical Support case using the Citrix Support portal and provide the following information.
    • The domain containing the accounts with which users will enroll.
    • The Device Manager server host name.
    • The Device Manager instance name. For cloud-hosted versions of Device Manager, this value is the instance name you chose during registration. In the case of on-premise installations, the instance name is usually zdm or xdm.
    • The port used for iOS enrollment if you changed the port number from the default port 8443.
    • The port through which the Device Manager server accepts connections if you changed the port number from the default port 443.
    • Optionally, an email address for your Device Manager administrator.
  2. If you plan to enroll Windows devices, obtain a publicly signed, non-wildcard SSL certificate for enterpriseenrollment.mycompany.com, where mycompany.com is the domain containing the accounts with which users will enroll. Attach the SSL certificate in .pfx format and its password to your request.

    The use of non-wildcard certificates is recommended for security purposes.

  3. If you plan to enroll Windows devices, create a canonical name (CNAME) record in your DNS. You map the address for which you obtained the SSL certificate to the address of the Citrix enrollment server.

    When a Windows device user enrolls using a UPN, in addition to providing the details of your Device Manager server, the Citrix enrollment server instructs the device to request a valid certificate from the Device Manager server.

Citrix Technical Support will notify you when your details and certificate, if applicable, have been added to the Citrix servers. At this point, users can start enrolling with auto-discovery.