Enroll agents 编辑

Introduction

You can enroll Workspace Environment Management (WEM) agents without configuring Citrix Cloud Connectors. Before you do that, consider the following:

• The enrollment applies to both domain-joined and non-domain-joined machines but applies only to physical machines and persistent VMs.
• For Citrix DaaS managed VMs, we recommend using the same method to connect the agent to Citrix Cloud as you do for the VDA — through the Cloud Connector or the non-domain-joined method. See Determine which setup method to use.
• To ensure that persistent VMs enroll properly:
  • Remove machine-specific information by generalizing a VM before creating an image. For information about using Sysprep to generalize a VM, see the Microsoft product documentation: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation?view=windows-11.

This feature requires that you select Skip Configuration when installing the agent and that you do not enable the Discover Citrix Cloud Connector from CVAD service policy.

Enroll agents

You have the flexibility to determine how to enroll your WEM agents. There are two ways:

• Enroll by invitation. This requires the web console. Users can be invited to participate in the enrollment process.

• Enroll with the bearer token or API secure client. This doesn’t require the console and doesn’t require users to participate in the enrollment process.

Enroll by invitation

To manage user devices remotely and securely, you enroll user devices in WEM.

A general workflow to enroll by invitation is as follows:

1. In Manage > Web Console > Enrollment > Invitation, enable Enroll by invitation and then generate an enrollment key.

2. On the agent machine, install the enrollment key using the enrollment tool.

   1. Open the command prompt as the administrator.

   2. Run the following command.(Replace <enrollment key> with the actual key.)

      • Citrix.Wem.Agent.EnrollmentUtility.exe configenrollmentkey -k <enrollment key>

      Tip:

      • The enrollment tool, Citrix.Wem.Agent.EnrollmentUtility.exe, is available in the agent installation folder. For more information, see Enrollment tool.
      • When preparing a master image, you can install the agent on the master image. Then, you use the master image as a template for creating machines for your users. This way, you don’t need to install the enrollment key for each agent.

3. In Manage > Web Console > Enrollment > Invitation, send an enrollment invitation to users.

After users receive the invitation, they can enroll their devices using the invitation code. See Enroll the agent with an invitation code.

After a device enrolls, it becomes managed and appears in Manage > Web Console > Enrollment > Enrolled Agents. You can add it to a desired configuration set for precise management. See Manage the enrolled agent.

Enroll the agent with an invitation code

Important:

Enrolling an agent requires local administrator permissions.

As users, you receive the following invitation email:

Enroll your device using the invitation code as follows:

1. Open your desktop Start menu and select Citrix > WEM Enrollment Registration Utility.

   Tip:

   If the utility is not available in the Start menu, go to the WEM agent installation folder and open Citrix.Wem.Agent.Enrollment.RegUtility.exe.

2. In Enrollment Registration Utility, verify that the status of the enrollment key is Installed and click Enroll Agent.

   Note:

   If the status of the enrollment key is not Installed, contact your administrator.

3. In the Enroll Agent window, paste the invitation code (copied from the invitation email) and click Start Enrolling.

If the agent enrolls successfully, you see the following message: The agent was enrolled successfully. You can click Close to return to Enrollment Registration Utility, which shows the following information:

Note:

Enrolling with the bearer token or API secure client does not require the participation of the enrollment key. If you use the Enrollment Registration Utility to check the enrollment status on an agent machine enrolled with the bearer token or API secure client, the Enrollment key status field appears as Not installed and the Enrollment status field appears as Enrolled.

Enroll with the bearer token or API secure client

To enroll an agent machine, perform the following steps:

1. Sign in to Citrix Cloud and get a bearer token or an API secure client for authentication to the Citrix API service. For information about how to generate an API secure client and a bearer token, see Get started with Citrix Cloud APIs.

2. Log on to the machine that has the agent installed.

3. Open a command prompt window.

   • To enroll the agent with the bearer token, type the following command:

     • Citrix.Wem.Agent.EnrollmentUtility.exe enroll --customer "customerid" --bearer "bearertoken" --url "api.wem.cloud.com"

     Tip:

     When using a bearer token, be aware that the base URL is unique for each region. For more information, see Base URLs. If unspecified, the URL for the US region (api.wem.cloud.com) is used.

   • To enroll the agent with the API secure client, type the following command:

     • Citrix.Wem.Agent.EnrollmentUtility.exe enroll --customer "customerid" --clientid "clientid" --clientsecret "clientsecret" --authurl "api-us.cloud.com" --url "api.wem.cloud.com"

     Tip:

     • When using a secure client, be aware that there are two URLs.
     • The first URL is the authentication URL, which is unique for each region. For more information, see Get started with Citrix Cloud APIs. If unspecified, the URL for the US region (api-us.cloud.com) is used.
     • The second URL is the base URL, which is also unique for each region. For more information, see Base URLs. If unspecified, the URL for the US region (api.wem.cloud.com) is used.

Alternatively, in Step 3, create a configuration file in JSON format and use the file with the following command:

• Citrix.Wem.Agent.EnrollmentUtility.exe enroll --config "configfilepath"

Note:

We recommend that you delete the configuration file after the enrollment because the file contains sensitive information.

The format of the configuration file is as follows:

Tip:

When using a bearer token or secure client, you can leave the corresponding fields empty.

    {

    "CustomerId": The Citrix Cloud customer ID,

    "ClientId": The secure client ID of the Citrix Cloud API client,

    "ClientSecret": The secure client secret of the Citrix Cloud API client,

    "AuthUrl": The base URL of the Citrix Cloud API used to get the bearer
    token,

    "BearerToken": The Citrix Cloud bearer token,

    "BaseUrl": The base URL of the WEM RESTful APIs

    }

<!--NeedCopy-->