Citrix ShareFile and Citrix XenMobile make a great combination for any business looking to enable mobile productivity. Not only do the two products make a killer combo, they have both been individually voted as LEADERS in the Gartner Magic Quadrant for their respective categories: ShareFile for Enterprise File Sync and Share and XenMobile for Enterprise Mobility Management. Since each product is feature rich in its own way, our focus is to make the two products work better, together, without sacrificing any functionality of the individual products.

A year ago, I blogged about Demystifying the ShareFile user provisioning process through XenMobile App Controller. That blog helped clarify the internal integration around how the two products worked in conjunction with each other. However, for customers who like to manage their ShareFile service separately, we have a powerful User Management Tool (UMT).

The UMT has capabilities such as the following when provisioning users:

  • Set user permissions (Create root folders, use File Box, manage client users, administer the address book)
  • Create and sync AD distribution groups
  • Enforce user authentication type (allow/disallow user to change ShareFile password)
  • Control “My Settings” in the ShareFile web app
  • Disable the ShareFile user when the AD user is disabled
  • Configure storage quotas

Over the last year, we heard from many of our joint ShareFile/XenMobile customers expressing their interest in using the UMT to manage users in ShareFile.

YOU ASKED FOR IT – We delivered!

Starting with XenMobile 10.1, we have added a new “User account provisioning” policy in the XenMobile Server that lets you decide how you choose to manage the user creation.


  • When User account provisioning = OFF (Default) – In this mode, the XenMobile server does not provision any users to the ShareFile account. It is recommended that you use the UMT in this scenario.The biggest change here is that the XenMobile server does not maintain a list of reconciled/un-reconciled users. Users in Delivery Groups which have a ShareFile entitlement will get a SAML token and the ShareFile control plane becomes the gatekeeper to accept or reject the login based on whether the user is a part of the ShareFile account.

OCA_provisioning _OFF_rohan_SF_XM

  • User account provisioning = ON – If you prefer to use a single pane of glass to configure your ShareFile setting in XenMobile, then you can turn this policy to ON. In this mode, XenMobile will provision users into ShareFile on-demand. To learn more about on-demand provisioning please read the support article posted here. The XenMobile Server continues to maintain a list of the reconciled vs. un-reconciled users and will not allow unreconciled users to SSO to ShareFile.

OCA_provisioning _ON_Reconciled_rohan_SF_XM

OCA_provisioning _ON_Unreconciled

We believe that this change lets you choose the best way to onboard your users on XenMobile and ShareFile.

To get a quick overview on the ShareFile User Management Tool, please refer to e-docs

For a detailed setup instructions, please see the Admin Guide