Help Center
14 DAY FREE TRIAL
Search Close Search
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Solution Framework
  3. Provisioning

Category filter

The Ultimate Guide to Bulk Hardware Staging with Hexnode UEM

Jump To

1. Generating Unique QR Codes in Hexnode

While the concept of “scripting the creation of 1,000 unique QR codes” for each device provisioning sounds like a requirement for physical label printing, modern Unified Endpoint Management (UEM) platforms like Hexnode UEM handle this workflow dynamically to maximize security and efficiency.

Hexnode natively supports generating unique, one-time-use QR codes through its Authenticated Enrollment feature. However, these codes are dynamically generated by the system and directly dispatched to specific users via email, rather than exported in bulk as offline image files.

Execution Strategies for Bulk Unique QR Codes:

  • Native CSV Bulk Import (Recommended over API): Hexnode supports bulk user creation and enrollment dispatch natively. IT administrators can upload a CSV file containing up to 1,000 user details directly into the Hexnode console (Enroll > All Enrollments > Invite > Email > Bulk User). Hexnode automatically generates and emails a unique QR code to each user without the need for custom coding.
  • Hexnode REST API: For highly customized or fully automated environments, IT can utilize the Hexnode API. By writing a script (e.g., using Python or cURL), IT can authenticate against the server, create user profiles, and trigger individual enrollment requests, which programmatically dispatches the unique QR codes to the end-users.

2. Best Practice Guide: Bulk Hardware Staging Workflows

For an IT team setting up a staging area to provision 1,000 devices simultaneously, generating and managing 1,000 unique QR codes is not the recommended industry best practice. Matching unique codes to specific physical devices creates massive operational overhead and leaves room for human error.

Instead, Hexnode provides two highly scalable, superior workflows for bulk hardware staging:

Instead of unique codes, Hexnode allows administrators to utilize a single, universal Generic QR Code tied to a specific organizational profile (e.g., Android Enterprise Device Owner).

  • The Benefit: Staging technicians can scan this exact same QR code across all 1,000 devices consecutively. There is no need to match specific codes to devices. The device is enrolled instantly, restricted by corporate policies, and can be assigned to its final user later via the console or upon first login via Active Directory (AD), Microsoft Entra ID, or Google Workspace.

Workflow B: Automated Device Enrollment (Zero-Touch) – The Ultimate Best Practice

For deploying 1,000+ devices, moving away from manual QR code scanning entirely is the gold standard. Hexnode seamlessly integrates with native OEM automated deployment programs:

    Android Zero-Touch Enrollment (ZTE)
    Samsung Knox Mobile Enrollment (KME)
    Apple Automated Device Enrollment (ADE / Apple Business Manager)

The Benefit: Devices are mapped to your Hexnode server via their serial numbers at the time of purchase by an authorized reseller. When powered on and connected to Wi-Fi for the first time, they configure themselves automatically as fully managed devices—zero scanning or technician interaction required.

3. Step-by-Step Execution Guides

Below are the validated, step-by-step instructions to execute both the “Unique QR” and “Generic QR” hardware staging workflows natively within the Hexnode console.

Route 1: Bulk Authenticated Enrollment (User-Specific QR Codes)

Use this workflow if devices are being shipped directly to 1,000 end-users who must self-enroll their devices.

Step 1: Enforce Authentication

  1. Log in to the Hexnode UEM Portal.
  2. Navigate to Enroll > Settings.
  3. Under Request Modes, select the checkbox for Email.
  4. Under Authentication Modes, check the box for Enforce authentication.
  5. Choose the type of user under Enrollment Request and Self Enrollment and click Save.

Step 2: Dispatch Bulk Requests

  1. Navigate to Enroll > All Enrollments > Invite > QR Code (Alternatively, use the CSV import method under Invite > Email > Bulk User).
  2. Select all target users (you can import/select Local, AD, Google Workspace, or Entra ID users).
  3. Set the device Ownership (Corporate or Personal) and click Continue.
  4. Choose the appropriate Domain and click Send.

Result: 1,000 unique, one-time-use QR codes are generated and dispatched via email to the assigned users.

Step 3: Device-Side Enrollment

  1. The user powers on the device and downloads the Hexnode UEM app from the Google Play Store or Apple App Store.
  2. The user opens the app and taps the QR code icon located at the bottom left of the screen.
  3. The user scans the unique QR code received in their email.
  4. The user follows on-screen prompts to grant required system permissions (e.g., Device Administration, Usage Access) to finalize enrollment.

Route 2: Open Enrollment (Generic QR Code Hardware Staging)

Use this workflow for IT staging benches where technicians are physically unboxing and provisioning company-owned Android devices via Android Enterprise (Device Owner).

Step 1: Retrieve the Staging QR Code

  1. Log in to the Hexnode UEM portal.
  2. Navigate to Enroll > Platform-Specific > Android > Android TV & Standard Device (or Android Enterprise configurations depending on the specific profile generation).
  3. Ensure the Open Enrollment configuration is set properly for corporate-owned devices. A generic QR code will be displayed directly on the screen. Keep this screen visible to technicians.

Step 2: Rapid Device Staging (Android 6-Tap Method)

  1. Have technicians turn on the new, factory-reset Android devices.
  2. On the initial Welcome Screen (Language selection), tap the screen six times in the exact same empty spot.
  3. The device will prompt a connection to the staging facility’s Wi-Fi network. Connect it.
  4. The device will automatically download and install a background native QR code reader.
  5. The technician scans the single generic QR code retrieved in Step 1.
  6. Tap Accept & Continue.

Result: The device instantly applies the corporate Android Enterprise profile, silently installs mandated apps, and enters Device Owner (Fully Managed) mode without needing to type server URLs or credentials.

4. Frequently Asked Questions (FAQs)

Q: Are the Authenticated Enrollment QR codes reusable?

A: No. By design, QR codes dispatched via the Authenticated Enrollment method are one-time-use only. Once a user successfully scans their specific QR code, it expires. This ensures that unauthorized devices cannot be enrolled using the same credential.

Q: Does the Generic Staging QR code expire?

A: No. The Generic QR code used for Open Enrollment does not expire and can be scanned continuously across hundreds or thousands of devices. If security is a concern, administrators can manually rotate or revoke the generic configuration profile within the Hexnode console.

Q: What Android versions support the “6-tap” QR staging method?

A: The 6-tap method for Android Enterprise (Device Owner) provisioning is supported on devices running Android 7.0 and later. On Android 9.0 and above, the QR code reader is built natively into the setup wizard. On Android 7.0 and 8.0, the device will automatically download the QR reader after you connect to Wi-Fi.

Q: Is QR code staging also applicable for iOS devices?

A: QR code enrollment as described in the staging workflow is primarily an Android Enterprise feature. For bulk staging iOS, iPadOS, or macOS devices, Apple Automated Device Enrollment (ADE) via Apple Business Manager is the required standard for automated, out-of-the-box provisioning.

5. Troubleshooting Guide

Issue: “Invalid QR Code” Error During Scan

Cause 1: The user is trying to scan an Authenticated QR code that has already been used, or they are scanning the generic code when authentication is strictly enforced.

    Resolution: Resend a fresh enrollment request to the user via the Hexnode console.

Cause 2: The generic QR code configuration was altered or deleted in the console.

    Resolution: Verify in the Hexnode portal that the Android Enterprise Open Enrollment profile is still active and valid.

Issue: The 6-Tap Method Does Not Trigger the QR Reader

Cause 1: The device is not in a factory-reset state. The 6-tap method only works on the very first “Welcome” screen of a factory-wiped device.

    Resolution: Factory reset the device through the recovery menu or device settings and try again.

Cause 2: The device is running an outdated OS (Android 6.0 or earlier).

    Resolution: Older devices must be enrolled using legacy Device Admin methods or via the Hexnode UEM app downloaded from the Play Store.

Issue: Device Fails to Complete Enrollment After Scanning

Cause 1: Captive Portal Wi-Fi. The staging Wi-Fi network requires a browser-based login (captive portal), which interrupts the background download of the MDM profile.

    Resolution: Ensure the staging area uses a standard WPA2/WPA3 Wi-Fi network with unrestricted internet access to Hexnode’s domains.

Cause 2: Firewall Restrictions. The corporate network is blocking traffic to Hexnode’s enrollment servers.

    Resolution: Allowlist the necessary Hexnode URLs, ports, and Google FCM (Firebase Cloud Messaging) ports in your network firewall.

Issue: Device Enrolls but as “Profile Owner” Instead of “Device Owner”

Cause: The device was not factory reset prior to scanning the QR code, or a standard user-initiated app enrollment was used instead of the 6-tap hardware staging method.

    Resolution: To achieve fully managed “Device Owner” status, the device must be wiped completely and enrolled strictly via the 6-tap wizard from the out-of-box setup screen.
Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Solution Framework