Category Filter

How to enroll iOS devices in Hexnode MDM

Before enrolling an iOS device, please make sure that you have configured the APNs certificate in your server.

There are different methods to enroll an iOS device. These methods of enrollment are subject to various criteria such as size of the company, number of devices, security preferences, etc. The enterprises can use any of the below enrollment methods based on their requirement:

  1. Enrollment without authentication
  2. Email/SMS enrollment
  3. Self enrollment
  4. Apple Configurator enrollment
  5. DEP enrollment
  6. DEP enrollment using Apple Configurator
  7. G Suite Enrollment for iOS.

Enrolling iOS devices without Authentication

Users can enroll their iOS devices without providing any authentication credentials. They can just enroll devices with a single enrollment URL.

Open Safari browser and enter your enrollment URL which will look something like https://<portalname>.hexnodemdm.com/enroll/.

  1. This would take you to the enrollment screen. Enable the checkbox to agree with the terms and conditions and click Enroll.
  2. Provide the necessary permissions to allow profile download.
  3. After the profile gets downloaded, navigate to Settings > General > Profile. Choose Profile Service.
  4. Click Install to install the configuration profile and certificate.
  5. Click Trust to allow remote management.
  6. When the profile is installed, click Done.
  7. Once the enrollment is complete, the Hexnode app will start installing.
  8. Once the app is installed, allow the MDM to access location and send notifications.

Email or SMS enrollment

Authenticated enrollment can be enabled under Admin > Enrollment on the Hexnode MDM console. Enrollment with authentication delivers an enrollment request via email or SMS to the users which includes the enrollment URL, username, password, and a QR code. A typical enrollment request would look something like this:
enrollment request mail

Once the enrollment credentials are received,

  1. Open Safari browser and enter the enrollment URL. It would look something like this: https://<portalname>.hexnodemdm.com/enroll/.
  2. This would take you to the enrollment screen. Enable the checkbox to agree with the terms and conditions and click Enroll.
  3. Enter the username and one-time password specified in the enrollment request and click Authenticate.
  4. Provide the necessary permissions to allow profile download.
  5. After the profile gets downloaded, navigate to Settings > General > Profile. Choose Profile Service.
  6. Click Install to install the configuration profile and certificate.
  7. Click Trust to allow remote management.
  8. When the profile is installed, click Done.
  9. Go to the device launcher and the Hexnode MDM app start installing.
  10. Once the app is installed, allow the MDM to access location and send notifications.

Self enrollment

Self-enrollment is a type of authenticated enrollment by which users will enroll their devices using their preassigned passwords (for local users) or their directory passwords (for AD, Azure AD, Okta and Google users). Users will not receive any enrollment request if you have opted for self-enrollment.

  1. Access your enrollment URL through Safari browser. The enrollment URL will look something like https://<portalname>.hexnodemdm.com/enroll/.
  2. On the enrollment screen, enable the checkbox to agree with the terms and conditions and click Enroll.
  3. Select the domain.
  4. Enter the username and password.
  5. Click Authenticate.
  6. Provide the necessary permissions to allow profile download.
  7. After the profile gets downloaded, navigate to Settings > General > Profile. Choose Profile Service.
  8. Click Install to install the configuration profile and certificate.
  9. Click Trust to allow remote management.
  10. When the profile is installed click Done.
  11. Go to the device launcher and the Hexnode app gets installed.
  12. Once the app is installed, allow the MDM to access location and send notifications.

MDM enrollment with Apple Configurator

Apple Configurator is an OSX program that allows one to create configuration profiles for Apple devices including iPad, iPhone, Apple TV and iPod Touch for easily deploying in business or school.

Follow these steps to enroll devices to Hexnode MDM with Apple Configurator 2.5:

Assign a user for the enrolled device.

  1. From your Hexnode MDM portal, navigate to Enroll > Platform – Specific > iOS > Apple Configurator.
  2. Select a user from the list and click on Save.



You can change the assigned user any time from Manage > click on any device name > Actions > Change Owner.

Once the user is assigned you can open the Apple configurator in your Mac and follow the below steps.

Create a WiFi profile

To create a WiFi profile,

  1. Open Apple Configurator.
  2. Go to File > New Profile > Wi-Fi > Configure.
  3. Configure the Wi-Fi profile and save.


Note:

  • While configuring the Wi-Fi profile, ensure that you configure the same Wi-Fi connected to the Mac.

Create a Blueprint

  1. Go to Blueprint > Edit blueprints.
  2. Name the new blueprint.
  3. Select the blueprint and click on the Add button on the top of Configurator 2 (or right-click on the blueprint > Add and select Profiles)
  4. Select the Wi-Fi profile created previously.
  5. Select the blueprint and click on the Prepare button on the top of Configurator 2 (or right-click on blueprint > Prepare).
  6. Select Manual configuration and click Next.
  7. Select New Server and click Next.
  8. Provide any name and the enrollment URL available at Admin > Configurator Enrollment in Hexnode MDM console.
  9. When configurator finishes fetching the certificates, click Next.
  10. To assign the blueprint to an organization, click New Organization and click Next.
  11. You can choose to sign in to Device Enrollment Program or click Skip.
  12. Provide organization details and click Next.
  13. Select Generate a new Supervision identity and click Next.
  14. In Setup assistant, select the steps that you want to show while starting up the iOS device. You can also skip all the steps by selecting the option Don’t show any of these steps.
  15. Click Prepare.
  16. Enter the device password to apply the settings. The blueprint will be prepared now.


 

Apply Blueprint

  1. Connect iOS devices to the computer.
  2. Click on Blueprints on the top of Configurator and select the blueprint’s name and click Apply.
  3. When the blueprint is applied, a prompt appears giving a warning message that the device could erase, modify, remove or update. Click on Apply to apply the blueprint to the device and the device resets.


Note:

  • While enrolling the device through Apple Configurator, ensure that the device is not previously linked to an Apple ID.
  • If the device is previously linked, then you may receive a warning message as “Unable to activate the device”.
  • If it happens, go to iCloud > disable Find my Iphone.
  • You can also remove the Apple ID through iTunes. Connect your device to iTunes and type in your AppleID and password.
  • Now you can apply the configuration via Apple configurator and the device gets enrolled.

Troubleshooting Tips