Configuration profiles API workflow documentation
The following content provides a detailed description of the API usage for creating, updating, and deleting configuration profiles in addition to configuring settings for it. For more details on configuration profiles as well as using the UI, please click here.
Note:
Some additional headers are required while making each of the following API calls. [1]
Step 1 : Creating a configuration profile record
Before we can configure settings for a configuration profile, first we need to create a configuration profile record which will contain all the necessary details to provide user group specific settings. We can do that by making the following API call.
- Type: POST
-
URL:
/aca/profile
- Description: Creates a new configuration profile record for the given URL.
-
Parameters:
postBody
- Contains required attributes for configuration profile record creation. [2] - Response: A JSON object containing details of a specific configuration profile. [3]
Note:
When creating a configuration profile record, it is possible to add up to 10 groups. Furthermore, a total of 20 configuration profiles can be created.
Step 2 : Fetching configuration profiles
Now that we have created a configuration profile record, we can retrieve the same using the following API calls.
2.1 : Fetching configuration profiles for a customer
- Type: GET
-
URL:
/aca/profile
- Description: Gets all the configuration profiles’ data for the given Customer ID.
- Response: A JSON object containing all configuration profile records for the customer. [4]
2.2 : Fetching configuration profiles for a specific url
- Type: GET
-
URL:
/aca/profile/url/{url}
- Description: Gets the configuration profile data for a given url.
-
Parameters:
-
url
- The specific URL in apt format (then base64 encoded). [5]
-
- Response: A JSON object containing all configuration profile records for a specific service URL owned by the customer. [4]
2.3 : Fetching data for a specific configuration profile ID
- Type: GET
-
URL:
/aca/profile/{profileId}
- Description: Gets the configuration profile data for a given configuration profile ID.
-
Parameters:
-
profileId
- The configuration profile ID to fetch data for.
-
- Response: A JSON object containing details of a given configuration profile. [3]
Step 3 : Managing settings for a configuration profile
After the creation of a configuration profile we can now assign settings to it which can be served to the user groups (subject to configuration profile priority resolution).
- Type: POST / PUT
-
URL:
/aca/settings/app/{app}/url
- Description: Creates (POST) or Updates (PUT) settings for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
url
- The given service URL in apt format. [5] -
Body
- Contains settings to be configured, url, and configuration profile ID in the format below.
-
{
"serviceURL": {
"url": {serviceURL} // Add the serviceURL here
},
"settingsProfile": {
"profileId": {configurationProfileID} // Add the configuration profile ID here
},
"settings": {
"name": "Productivity Apps",
"description": "Provides access to MS Office and other basic apps",
"useForAppConfig": true,
"appSettings": {
"windows": [
{
"category": "root",
"userOverride": false,
"assignedTo": [
"AllUsersNoAuthentication"
],
"assignmentPriority": 0,
"settings": [
{
"name": "Hide Local Keyboard Layout Setting",
"value": "false"
}
]
}
]
}
}
}
<!--NeedCopy-->
Note:
Configuration profiles are currently only supported for Workspaces and are not supported with channels. For a complete list of settings that can be configured for a configuration profile, see this.
Step 4 : Updating a configuration profile record
Once a configuration profile is created, if we need to make modifications to any of its attributes, we can make use of the following API calls.
4.1 Updating a configuration profile record
- Type: PUT
-
URL:
/aca/profile/{profileId}
- Description: Updates the configuration profile record for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
putBody
- Contains updated data. [2]
-
-
Response:
None
4.2 Adding groups to a configuration profile record
- Type: PATCH
-
URL:
/aca/profile/{profileId}/groups$add
- Description: Adds groups in a configuration profile record for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
patchBody
- Contains groups to be added. [6]
-
- Response: JSON object containing updated configuration profile data.
4.3 Removing groups from a configuration profile record
- Type: PATCH
-
URL:
/aca/profile/{profileId}/groups$remove
- Description: Patches the group IDs in a configuration profile record to remove group IDs for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
patchBody
- Contains the groups to be removed: [6]
-
- Response: JSON object containing updated configuration profile data.
4.4 Updating configuration profile priority
- Type: PATCH
-
URL:
/aca/profile/{profileId}/priority$replace
- Description: Updates priority in a configuration profile record for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
patchBody
- Contains priority to be updated. [7]
-
- Response: JSON object containing updated configuration profile data.
Step 5 : Removing a configuration profile record
If we want to remove a configuration profile record, we can do that in the following two steps. First we need to remove the settings associated with that profile, then we can proceed to remove the configuration profile record.
Step 5.1 : Deleting settings for a configuration profile
- Type: DELETE
-
URL:
/aca/settings/app/${app}/url/{url}/profile/{profileId}
- Description: Deletes settings for a particular configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to update. -
url
- The given service URL in apt format. [5]
-
- Response: None
Step 5.2 : Removing configuration profile record
- Type: DELETE
-
URL:
/aca/profile/{profileId}
- Description: Deletes the configuration profile record for a given configuration profile ID.
-
Parameters:
-
profileId
- The given configuration profile ID to delete.
-
-
Response:
None
Footer
1. The following headers are mandatory for every API call
- Citrix-CustomerId : Citrix Cloud Customer ID.
- Citrix-TransactionId : Transaction ID (GUID) that is used to track this request.
- Authorization : CWSAuth bearer={bearerToken}
2. JSON body having required attributes for configuration profile creation or updation
{
"description": "string",
"groups": [
{
"id": "string",
"name": "string"
}
],
"name": "string",
"priority": number,
"url": "string"
}
<!--NeedCopy-->
Groups can be queried by using the following command. Make sure to replace the values in curly braces.
curl --location --request POST 'https://cws.citrixworkspacesapi.net/{YOUR-CUSTOMER-ID}/users/query' \
--header 'Content-Type: application/json' \
--header 'Authorization: CWSAuth bearer={token}' \
--data-raw '
{
"adminUser": "",
"domain": "{YOUR-DOMAIN}", // Use your domain for AD or null for AZUREAD
"forest": "{YOUR-DOMAIN}", // Use your domain for AD or null for AZUREAD
"idpType": "AD", // Use your IdP type, can be AD or AZUREAD
"key": "",
"query": "gacsadmin", // Use this query to search for groups
"offerings": [],
"supportsAzureAdGroups": false // Set this flag as true if you use AZUREAD
}'
<!--NeedCopy-->
A response to the above request would look like this.
{
"results": [
{
"accountName": "gacsadmin", // Use accountName for AD as name
...
"displayName": "gacsadministrator", // Use displayName for AAD as name
...
"isGroup": true, // Consider records only which have isGroup as true
...
"universalClaims": [
"SID:/**********-*************", // Use SID prefix claim for AD as group Id
"OID:/azuread/****************" // Use OID prefix claim for AAD as group Id
]
}
]
}
<!--NeedCopy-->
Description of the attributes of the schemas
-
description
: string Providing a description of the configuration profile. -
groups
: array of objects with the following properties.-
id
: string Active Directory or Azure Active Directory ID. -
name
: string Name of the configuration profile.
-
-
name
: string consisting of alphanumerics, spaces, ‘-‘ and ‘_’. -
priority
: number between 1 and 1 million. -
url
: string the service URL in apt format. [5] -
id
: Configuration profile ID (GUID) of the created configuration profile record for example:3fa81f64-5417-1562-b3fc-2c953f63afa6
-
createdAt
: Time of creation of configuration profile record for example:2024-02-13T03:23:19.273
-
modifiedAt
: Time of last modification of configuration profile record for example:2024-02-13T03:23:19.273Z
3. JSON response body for a single configuration profile record
{
"createdAt": "string",
"description": "string",
"groups": [
{
"id": "string",
"name": "string"
}
],
"id": "string",
"modifiedAt": "string",
"name": "string",
"priority": number,
"url": "string"
}
<!--NeedCopy-->
4. JSON response body containing multiple configuration profile records
{
"count": number,
"items": [
{
"createdAt": "string",
"description": "string",
"groups": [
{
"id": "string",
"name": "string"
}
],
"id": "string",
"modifiedAt": "string",
"name": "string",
"priority": number,
"url": "string"
}
],
"nextToken": "string"
}
<!--NeedCopy-->
5. All the URLs while making calls are in the following format
{protocol}://{domain}:{port}/{path}
- protocol might be
http
orhttps
in case of StoreFront URLs - protocol is always
https
in case of Workspace URLs - path is not present in case of Workspace URLs
- path is optional in case of StoreFront URLs
6. JSON body containing groups
{
"groups": [
{
"id": "string",
"name": "string"
}
]
}
<!--NeedCopy-->
7. JSON body containing updated priority
{
"priority": 0
}
<!--NeedCopy-->
Supported settings in configuration profiles and their values
The following table lists the settings and the values that are accepted per platform in configuration profiles:
Platforms tab {.tabnav}
Windows
Platform | Category | Setting Name | Values accepted | Description |
---|---|---|---|---|
Windows | Root | Hide advanced preferences | “true”, “false” | Hides the Advanced Preferences option from the Citrix Workspace app icon in the system tray. |
Windows | Root | Hide connection center | “true”, “false” | Hides the Connection center option from the Advanced Preferences. |
Windows | Root | Hide data collection | “true”, “false” | Hides the data collection option from the Advanced Preferences. |
Windows | Root | Hide delete password | “true”, “false” | Hides the Delete passwords option from the Advanced Preferences. |
Windows | Root | Hide support info | “true”, “false” | Hides the Support information from the Advanced Preferences. |
Windows | Root | Hide Citrix casting | “true”, “false” | Hides the Citrix Casting option from the Advanced Preferences. |
Windows | Root | Hide Citrix files | “true”, “false” | Hides the Citrix Files option from the Advanced Preferences. |
Windows | Dazzle | WSC reconnect mode | [“0”, .., “15”] | Select the Workspace Control Reconnect Mode. |
Windows | Dazzle | All apps are mandatory | “true”, “false” | Adds all apps to the Favorites tab. |
Windows | Dazzle | Use different paths for start menu and desktop | “true”, “false” | Allows users to select different paths for the Start menu and shortcuts. |
Windows | Dazzle | Remove apps on exit | “true”, “false” | Removes apps upon Citrix Workspace app exit. |
Windows | Dazzle | Fast connect api support enabled | “true”, “false” | Enables fast connect API support. |
Windows | Dazzle | Put shortcuts in the startup menu | “true”, “false” | Lists the shortcuts in the Start menu. |
Windows | Dazzle | Enable FTA | “true”, “false” | Enables a default file type association. |
Windows | Dazzle | Start menu dir | String Value | Folder name in the Start menu to list the shortcuts. |
Windows | Dazzle | Enable default FTAs | “true”, “false” | Enables a default file type association. |
Windows | Dazzle | Self-service mode | “true”, “false” | Enables Self Service mode. Disabling this setting restricts access to Citrix Workspace app user interface. Users can access apps and desktops via the Start menu and desktop shortcuts. |
Windows | Dazzle | Clear app list on exit | “true”, “false” | Clears apps upon Citrix Workspace app exit. |
Windows | Dazzle | Desktop dir | String Value | Lists all the desktop shortcuts in the specified folder on the local desktop. |
Windows | Dazzle | Remove apps on logoff | “true”, “false” | Removes desktop shortcuts and apps from the Start menu upon sign-out. |
Windows | Dazzle | Use category as a desktop path | “true”, “false” | Allows to view the apps and their category folder on the local desktop. |
Windows | Dazzle | Publish safe content | “true”, “false” | Publish safe content. |
Windows | Dazzle | Suppress refresh on startup | “true”, “false” | Suppress refresh upon Citrix Workspace app startup. |
Windows | Dazzle | Clear app list on logoff | “true”, “false” | Clears the app list after you sign out from the Citrix Workspace app. |
Windows | Dazzle | Put shortcuts on desktop | “true”, “false” | Allows to create Citrix Workspace app shortcut on the desktop. |
Windows | Dazzle | Use category as a Start menu path | “true”, “false” | Allows to view the apps and their category folder in the Windows Start menu. |
Windows | Dazzle | Store Authentication Tokens | “true”, “false” | Encrypts and stores the authentication token on the local disk. Users do not have to reenter the credentials during a system or session restart. |
Windows | Dazzle | Enable User Manage Local Apps | “true”, “false” | Enables user manage local apps. |
Windows | Dazzle | Enable Local App Discovery | “true”, “false” | Enables Local App Discovery feature. This feature helps to discover and list locally installed applications on the Citrix Workspace app. |
Windows | Dazzle | Local App allow list | Array of App Object to allow list for Local App Discovery. example: [{name:””, “path”: “”, “arguments”: “”}] | Allows to configure the local app allow list. |
Windows | Dazzle | Quick Desktop Launch Support | “true”, “false” | |
Windows | ICA Client | Auto Update Rollout Priority | “Fast”, “Medium”, “Slow” | Controls when the app must be updated on the client device. |
Windows | ICA Client | Auto Update LTSR Only | “true”, “false” | Enables to get updates for LTSR only. |
Windows | ICA Client | Defer Update Count | [“-1”, .., “30”] | Specifies the number of times that a user can defer the notifications for the release updates. |
Windows | ICA Client | Enable CEIP | “true”, “false” | Collects configuration, events, properties, and usage data from the Citrix Workspace app anonymously. |
Windows | Browser | Open All Apps In Cwb | “true”, “false” | Enables to open all apps in Citrix Workspace Browser. |
Windows | Browser | Incognito Mode Availability | “Incognito mode available”, “Incognito mode disabled” | Enables availability of the incognito mode. |
Windows | Browser | Developer Tools Availability | “Disallow usage of the Developer Tools on extensions installed by enterprise policy”, “Allow usage of the Developer Tools”, “Disallow usage of the Developer Tools” | Enables availability of the developer tools. |
Windows | Browser | Enable Password Save | “true”, “false” | If you enable password saving, Citrix Workspace app stores the password on the device for future logons and does not prompt for passwords when users connect to applications. |
Windows | Browser | Extension Install Force List | Array of strings, example : [“extension_id1”,”extension_id2”] | |
Windows | Browser | Extension Install Allow List | Array of objects of type ExtensionInstallAllowlist. Example : {“id”:”extension_id1”,”name”:”extension_name1”,”install link”:”chrome store url for the extension”} | |
Windows | Browser | Managed Bookmarks | Array of objects of type CitrixBrowserBookmarkModel. Example: [{“toplevel_name”:”My managed bookmarks folder”},{“name”:”Google”,”url”:”google.com”},{“name”:”Youtube”,”url”:”youtube.com”},{“name”:”Chrome links”,”children”:[{“name”:”Chromium”,”url”:”chromium.org”},{“name”:”Chromium Developers”,”url”:”dev.chromium.org”}]}] | |
Windows | Browser | Delete Browsing Data On Exit | Array of Strings, example: [“browsing_history”,”download_history”] | |
Windows | Browser | auto fill address enabled | “true”, “false” | When enabled, AutoFill suggests or fills the address information. |
Windows | Browser | auto fill credit card enabled | “true”, “false” | When enabled, AutoFill suggests or fills the credit card information. |
Windows | Browser | command line flag security warnings enabled | “true”, “false” | When enabled, displays the security warnings when potentially dangerous command-line flags are used to launch the browser. |
Windows | Browser | payment method query enabled | “true”, “false” | When enabled, websites are allowed to verify if you’ve saved any payment methods already. |
Windows | Browser | saving browser history disabled | “true”, “false” | When enabled, the browsing history doesn’t get saved, tab syncing is off, and you can’t change this setting. |
Windows | Browser | search suggests enabled | “true”, “false” | When enabled, search suggestions are enabled and for the browser’s address bar. This policy doesn’t affect the suggestions based on bookmarks or history. |
Windows | Browser | export bookmark allowed | “true”, “false” | |
Windows | Browser | force ephemeral profiles | “true”, “false” | |
Windows | Browser | default cookies setting | “Allow all sites to set local data”, “Do not allow any site to set local data”, “Keep cookies for the duration of the session” | Specify how you want to handle the cookies. |
Windows | Browser | default popup setting | “Allow all sites to show pop-ups”: “Allow all sites to show pop-ups”, “Do not allow any site to show pop-ups”, “BlockPopups applies, but users can change this setting” | When enabled, all sites are allowed to display pop-ups. When disabled, no site is allowed to display pop-ups. |
Windows | Browser | relaunch notification period | [“1”, .., “2147483647”] | Specify the time in milliseconds after which the users are notified that the browser must be relaunched or the device must be restarted to apply a pending update. If not set, the default period of 604800000 milliseconds (one week) is used. |
Windows | Browser | look alike warning allowlist domains | An array of strings. For example, [“foo.example.com”,”example.org”]. | Specify the list of websites where lookalike URL warnings are prevented from displaying. The lookalike URL warnings are displayed on the websites that the browser assumes to be trying to imitate another website that the user is familiar with. |
Windows | Browser | extension installs sources | An array of strings. For example, [“https://corp.mycompany.com/”,”https://corp1.mycompany1.com/”]. | Specify the URLs which can install the extensions, apps, and themes. |
Windows | Browser | auto launch protocols from origins | An object of type AutoLaunchProtocolsFromOriginsModel. For example, {“protocol”: “teams”, “allowedOrigins”: [“example.com”, “http://www.example.com:8080”]}. | Specify a list of protocols that can launch an external application from the listed origins without prompting the user. |
Windows | root | enable ftu | “true”, “false” | Use to suppress the Add Account screen. |
Windows | dazzle | maximize workspace window | “true”, “false” | Shows Citrix Workspace app in the maximized window, by default. |
Windows | dazzle | show reconnection prompt to reconnect sessions | “true”, “false” | Shows a prompt that allows the users to reconnect to all the disconnected sessions. |
Windows | ICA Client | window size | Default window size of the Citrix Workspace app. |
macOS
Platform | Category | Setting Name | Values accepted | Description |
---|---|---|---|---|
macOS | ICA Client | Reconnect Apps and Desktops | String Value example: “startWorkspace”, “refreshApps” | Allows users to reconnect to a session when the user sign-in to the Citrix Workspace app. |
macOS | ICA Client | Enable CEIP | “true”, “false” | Enables Citrix Customer Experience Improvement Program(CEIP) to collect usage data anonymously. Disabling this setting sends Citrix Workspace app version only. |
macOS | ICA Client | Auto Update Rollout Priority | “Fast”, “Medium”, “Slow” | Controls when the app must be updated on the client device. |
macOS | ICA Client | Defer Update Count | [“-1”, .., “30”] | Specifies the number of times that a user can defer the notifications for the release updates. |
macOS | ICA Client | reconnect on sign-in | “true”, “false” | Allows a session to automatically reconnect when a new account is added or during sign-in. |
macOS | ICA Client | reconnect on refresh | “true”, “false” | Automatically reconnects to a session launched from another device when upon refresh of the apps or desktops on the second device |
macOS | Root | Hide Citrix casting | “true”, “false” | Hides Citrix Casting option from the Advanced Preferences. Citrix Casting option appears when this setting is disabled and allows the users to enable or disable the Citrix Casting feature. |
macOS | Root | Hide delete password | “true”, “false” | Hides Delete passwords option from the Advanced Preferences and restricts users to clear the stored passwords. |
macOS | Root | Hide Citrix files download location | “true”, “false” | Hides Citrix Files option from the Advanced Preference and restricts the users to update the files download location. |
macOS | Root | Enable Quick Access for StoreFront | “true”, “false” | Allows StoreFront users to open their favorite apps and desktops from the Quick Access menu. Learn more |
macOS | Dazzle | Remove apps on logoff | “true”, “false” | Removes the app shortcut added to the Favorites upon sign-out. |
macOS | Dazzle | Add shortcuts to launchpad | “true”, “false” | Allows users to add shortcut of the app to the Favorites. |
macOS | Dazzle | Maximize workspace window | “true”, “false” | Enables to open the Citrix Workspace app in the maximized mode, by default. |
macOS | Browser | Open All Apps In Cwb | “true”, “false” | Enables to open all apps in Citrix Workspace Browser. |
macOS | Browser | Incognito Mode Availability | “Incognito mode available”, “Incognito mode disabled” | Enables availability of the incognito mode. |
macOS | Browser | Developer Tools Availability | “Disallow usage of the Developer Tools on extensions installed by enterprise policy”, “Allow usage of the Developer Tools”, “Disallow usage of the Developer Tools” | Disallow usage of the Developer Tools on extensions installed by enterprise policy. |
macOS | Browser | Enable Password Save | “true”, “false” | If you enable password saving, Citrix Workspace app stores the password on the device for future logons and does not prompt for passwords when users connect to applications. |
macOS | Browser | Extension Install Force List | Array of strings, example : [“extension_id1”,”extension_id2”] | |
macOS | Browser | Extension Install Allow List | Array of objects of type ExtensionInstallAllowlist. Example: {“id”:”extension_id1”,”name”:”extension_name1”,”install link”:”chrome store url for the extension”} | |
macOS | Browser | Managed Bookmarks | Array of objects of type CitrixBrowserBookmarkModel. Example: [{“toplevel_name”:”My managed bookmarks folder”},{“name”:”Google”,”url”:”google.com”},{“name”:”YouTube”,”url”:”youtube.com”},{“name”:”Chrome links”,”children”:[{“name”:”Chromium”,”url”:”chromium.org”},{“name”:”Chromium Developers”,”url”:”dev.chromium.org”}]}] | |
macOS | Browser | Delete Browsing Data On Exit | Array of Strings, example: [“browsing_history”,”download_history”] | |
macOS | Browser | auto fill address enabled | “true”, “false” | When enabled, AutoFill suggests or fills the address information. |
macOS | Browser | auto fill credit card enabled | “true”, “false” | When enabled, AutoFill suggests or fills the credit card information. |
macOS | Browser | command line flag security warnings enabled | “true”, “false” | When enabled, displays the security warnings when potentially dangerous command-line flags are used to launch the browser. |
macOS | Browser | payment method query enabled | “true”, “false” | When enabled, websites are allowed to verify if you’ve saved any payment methods already. |
macOS | Browser | saving browser history disabled | “true”, “false” | When enabled, the browsing history doesn’t get saved, tab syncing is off, and you can’t change this setting. |
macOS | Browser | search suggests enabled | “true”, “false” | When enabled, search suggestions are enabled and for the browser’s address bar. This policy doesn’t affect the suggestions based on bookmarks or history. |
macOS | Browser | export bookmark allowed | “true”, “false” | |
macOS | Browser | force ephemeral profiles | “true”, “false” | |
macOS | Browser | default cookies setting | “Allow all sites to set local data”, “Do not allow any site to set local data”, “Keep cookies for the duration of the session” | Specify how you want to handle the cookies. |
macOS | Browser | default popup setting | “Allow all sites to show pop-ups”: “Allow all sites to show pop-ups”, “Do not allow any site to show pop-ups”, “BlockPopups applies, but users can change this setting” | When enabled, all sites are allowed to display pop-ups. When disabled, no site is allowed to display pop-ups. |
macOS | Browser | relaunch notification period | [“1”, .., “2147483647”] | Specify the time in milliseconds after which the users are notified that the browser must be relaunched or the device must be restarted to apply a pending update. If not set, the default period of 604800000 milliseconds (one week) is used. |
macOS | Browser | look alike warning allowlist domains | An array of strings. For example, [“foo.example.com”,”example.org”]. | Specify the list of websites where lookalike URL warnings are prevented from displaying. The lookalike URL warnings are displayed on the websites that the browser assumes to be trying to imitate another website that the user is familiar with. |
macOS | Browser | extension installs sources | An array of strings. For example, [“https://corp.mycompany.com/”,”https://corp1.mycompany1.com/”]. | Specify the URLs which can install the extensions, apps, and themes. |
macOS | Browser | auto launch protocols from origins | An object of type AutoLaunchProtocolsFromOriginsModel. For example, {“protocol”: “teams”, “allowedOrigins”: [“example.com”, “http://www.example.com:8080”]}. | Specify a list of protocols that can launch an external application from the listed origins without prompting the user. |
{}
In this article
- Step 1 : Creating a configuration profile record
- Step 2 : Fetching configuration profiles
- Step 3 : Managing settings for a configuration profile
- Step 4 : Updating a configuration profile record
- Step 5 : Removing a configuration profile record
- Footer
- Supported settings in configuration profiles and their values