xtna-util Reference
xtna-util is the cross-platform provisioning utility for XplicitTrust Network Access. It handles asset and client enrollment, configuration import/export, connectivity diagnostics, and service management.
Usage
# Register via interactive OAuth authentication
xtna-util -user <admin_email> [options]
# Register via asset creation token (unattended)
xtna-util -token <token> -domain <tenant_domain> [options]
# Import configuration from file
xtna-util -import <config_file> [-json]
# Connect / disconnect a user session
xtna-util -connect -user <email> [-domain <tenant_domain>]
xtna-util -disconnect
# Create a client for a user
xtna-util -create-client -user <email> -token <token>
# Connectivity diagnostics
xtna-util -connectivity [-domain <tenant_domain>] [-servers <server1,...,serverN>]
# Status and version
xtna-util -status
xtna-util -service-status
xtna-util -version
xtna-util -service-version
# Send diagnostic logs
xtna-util -send-logs
Flags
Registration
These flags control how an asset is registered with XplicitTrust.
| Flag | Alias | Description |
|---|---|---|
-user <email> |
-c |
Admin user email address. Initiates interactive OAuth authentication. |
-token <token> |
Asset creation token for unattended registration. Requires -domain. |
|
-domain <tenant_domain> |
-d |
Domain of the tenant to log in to. Required when using -token. |
-name <name> |
-n |
Set the asset name. Defaults to the system hostname. |
-tags <tag1,...,tagN> |
Comma-separated list of tags to assign to the asset. Each tag must be 12 characters or fewer. | |
-dst-policy <Name[=svc1,svc2]> |
Add the asset as a destination to a policy. Optionally specify services after =. Repeatable. |
|
-src-policy <Name> |
Add the asset as a source to a policy. Repeatable. | |
-default-policy |
-D |
Assign the asset to the "Default Policy". |
-force |
-f |
Override an existing asset with the same host ID on the server. |
-ignore-hostname |
Do not use the system's real hostname during registration. | |
-setup-adfs |
Configure XplicitTrust ADFS application. Only available on Windows Server with ADFS installed. Requires -token. |
User Session
| Flag | Description |
|---|---|
-connect |
Connect as the provided user. Requires -user, optionally -domain. |
-disconnect |
Disconnect the current user session. |
-create-client |
Create a client for the provided user. Requires -user and -token. |
Configuration
| Flag | Alias | Description |
|---|---|---|
-import <config_file> |
-i |
Import a configuration file (JSON). |
Diagnostics
| Flag | Description |
|---|---|
-connectivity |
Test connectivity to XplicitTrust infrastructure. Optionally use -domain and -servers. |
-servers <server1,...,serverN> |
Comma-separated list of servers to include in the connectivity check. |
-service-status |
Check whether xtna-service is running. |
-send-logs |
Collect and send diagnostic logs. |
-status |
Show current configuration status. |
Output
| Flag | Description |
|---|---|
-json |
Generate JSON output instead of human-readable text. |
-qr |
Print the authentication URL as a QR code (interactive registration only). |
Information
| Flag | Description |
|---|---|
-version |
Print the xtna-util version. |
-service-version |
Print the xtna-service version. |
-help |
Show the built-in help message. |
Examples
Register an asset interactively:
sudo xtna-util -user admin@company.com
Register an asset with a token and assign it to policies:
sudo xtna-util -token <token> -domain company.com \
-name "web-server" \
-tags web,production \
-dst-policy "Web Access=HTTPS,SSH" \
-src-policy "Outbound Access"
Import a configuration file:
sudo xtna-util -import xtna-config.xtconfig
Check connectivity:
sudo xtna-util -connectivity -domain company.com