Configuring service accounts

You can add or delete a service account for a specific domain. Connector Appliance then uses that account to complete Kerberos SSO delegation, instead of the machine account that is created when the appliance joins a domain, which is how Connector Appliance currently works. For example, Citrix Secure Private Access customers who wanted Kerberos SSO previously had to join a domain and then use the machine account created by the join to complete the Kerberos delegation. With this feature, customers can use a service account in a domain to complete Kerberos SSO without joining a domain.

For more information, see the product documentation.

List all the service accounts

Use this call to list all the service accounts configured in this connector appliance.

Request

GET /serviceAccounts HTTP/1.1
Accept: */*
Host: <connector-appliance-ip-address>
Authorization: Bearer <token>

Response

HTTP/1.1 200 OK
...
{
    "items": [
        {
            "domainName": "<ad-domain-name>",
            "accountName": "<service-account-name>",
            "id": "<service-account-id>"
        }
    ]
}

Add a service account

Use this call to add a service account belonging to an Active Directory domain.

Currently, we only support configuring one service account in one domain.

Request

POST /serviceAccounts HTTP/1.1
Accept: */*
Authorization: Bearer <token>
Host: <connector-appliance-ip-address>
Content-Type: application/json
...

{"accountName": "<service-account-name>", "password": "<password>", "domain": "<ad-domain-name>"}

Response

Success

HTTP/1.1 201 OK

Service account already exists or the domain already has a service account

HTTP/1.1 409 Conflict
...
{
    "type": "https://errors-api.cloud.com/connapp/conflict",
    "detail": "A service account for this domain already exists"
}

Delete a service account

Use this call to remove a service account from a Connector Appliance.

Request

DELETE /serviceAccounts/{account_id} HTTP/1.1
Host: <connector-appliance-ip-address>
Authorization: Bearer <token>

Responses

Success

HTTP/1.1 204 No Content

Domain not found

HTTP/1.1 404 Not Found
...
{
    "type": "https://errors-api.cloud.com/common/notFound",
    "detail": "Not found",
    "parameters": [
        {
            "name": "entityType",
            "value": "https://identifiers-api.cloud.com/connapp/serviceAccount"
        },
        {
            "name": "id",
            "value": ""
        }
    ]
}

The service account was not found on the Connector Appliance. Check that the service account id in the request is correct.
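
The three calls above can be combined to replace a domain's service account, for example when rotating its credentials. The following is an added example, not part of the Citrix documentation or product code: the function names and the send callable are assumptions made for illustration, and only the paths, JSON fields and status codes shown on this page are used.

```python
import json
import urllib.error
import urllib.request

def make_sender(host, token):
    """Build send(method, path, body) -> (status, parsed JSON or None)."""
    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            f"https://{host}{path}", data=data, method=method,
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"})
        try:
            # urllib verifies the server certificate by default; keep it on.
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, raw = err.code, err.read()
        return status, (json.loads(raw) if raw else None)
    return send

def replace_service_account(send, domain, account, password):
    """Make `account` the one service account for `domain`.

    Returns "created" or "replaced". Never logs or echoes the password.
    """
    status, listing = send("GET", "/serviceAccounts")
    if status != 200:
        raise RuntimeError(f"listing service accounts failed: HTTP {status}")
    action = "created"
    for item in listing["items"]:
        # AD domain names are case-insensitive, so compare them that way.
        if item["domainName"].lower() == domain.lower():
            # POST answers 409 while the domain still has an account, so the
            # old one goes first. SSO for the domain has no account until the
            # POST below succeeds; schedule rotations accordingly.
            status, _ = send("DELETE", f"/serviceAccounts/{item['id']}")
            if status not in (204, 404):  # 404: already gone
                raise RuntimeError(f"delete failed: HTTP {status}")
            action = "replaced"
    status, err = send("POST", "/serviceAccounts", {
        "accountName": account, "password": password, "domain": domain})
    if status == 409:  # an account was added for this domain in the meantime
        raise RuntimeError(f"conflict: {(err or {}).get('detail', '')}")
    if status != 201:
        raise RuntimeError(f"add failed: HTTP {status}")
    return action
```

Pass make_sender(host, token) as send, and read the password with getpass.getpass() or from a secrets store so that it never appears in shell history or process arguments.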
