Product Documentation

To enable autodiscovery in XenMobile for user enrollment

Feb 20, 2015

Autodiscovery simplifies the enrollment process for users. They can use their network user names and Active Directory passwords to enroll their devices, rather than having to also enter details about the XenMobile server. Users enter their user name in user principal name (UPN) format; for example,

To enable autodiscovery, you must follow the procedures below to communicate your deployment information and, in the case of Windows devices, an SSL certificate to the Citrix Technical Support team. After Citrix receives this information, when users enroll their devices, the domain information is extracted and mapped to a server address. This information is maintained in the XenMobile database, so that the information is always accessible and available when users enroll.

  1. Open a Technical Support case using the Citrix Support portal and then provide the following information:
    • The domain containing the accounts with which users will enroll.
    • The XenMobile server fully qualified domain name (FQDN).
    • The XenMobile instance name. By default, the instance name is zdm and is case-sensitive.
    • User ID Type, which can be either UPN or Email. By default, the type is UPN.
    • The port used for iOS enrollment if you changed the port number from the default port 8443.
    • The port through which the XenMobile server accepts connections if you changed the port number from the default port 443.
    • Optionally, an email address for your XenMobile administrator.
  2. If you plan to enroll Windows devices, do the following:
    1. Obtain a publicly signed, non-wildcard SSL certificate for, where is the domain containing the accounts with which users will enroll. Attach the SSL certificate in .pfx format and its password to your request.
    2. Create a canonical name (CNAME) record in your DNS and map the address of your SSL certificate ( to When a Windows device user enrolls using a UPN, in addition to providing the details of your XenMobile server, the Citrix enrollment server instructs the device to request a valid certificate from the XenMobile server.

Your Technical Support case will be updated when your details and certificate, if applicable, have been added to the Citrix servers. At this point, users can start enrolling with autodiscovery.

Note: You can also use a multi-domain certificate if you want to enroll using more than one domain. The multi-domain certificate should have the following structure:
  • A SubjectDN with a CN that specifies the primary domain it serves (for example,
  • The appropriate SANs for the remaining domains (for example,,, and so on).