How to set up device enrollment in Hexnode?
To manage, monitor, and secure devices using Hexnode, they have to be first enrolled in the UEM. Enrollment is the process of establishing a connection between the device and the Hexnode portal. Once a device is enrolled, Hexnode will set up secure communication with the device through which all the managerial actions can be sent to the device. Hexnode supports the enrollment of iOS, Android, macOS, Fire OS, Apple TV, Android TV OS and Windows 10 devices.
The Settings page under Enroll tab in Hexnode lets you configure the settings related to device enrollment prior to adding them in Hexnode.
You can configure the following settings prior to device enrollment in the Hexnode console:
- Enrollment Request Modes
- Enrollment Authentication Modes
- Enrollment Restrictions
- Enrollment Ownership
- Re-enrollment Options
- Co-managing Windows devices
- Enrollment Settings
- No Authentication Enrollment – The fast and easy way for enrollment
- Enrollment with Authentication
- Sending Enrollment Request
To configure the enrollment settings in Hexnode,
- Navigate to Enroll > Settings.
- Configure the required settings and click on Save.
No Authentication Enrollment – The fast and easy way for enrollment
No authentication enrollment is one of the easiest ways to add devices in Hexnode. Users can enroll their device by just entering the Hexnode enrollment server URL.
To set up no authentication enrollment,
- Select the Authentication mode as No Authentication in the Settings page under Enroll tab.
- Select the user domain.
- Select a default user from the drop-down and specify a default password.
If no user is specified, on enrolling, the device will be assigned to the “Default User”.
If you have set up a default user, all the devices that you are enrolling will be assigned to the same default user.
The configured default password is for enrolling a Windows device in Hexnode.
How to enroll a device using open enrollment
Enrollment URL: https://
|iOS||Enter your enrollment URL in Safari browser and follow the on-screen instructions to enroll the device.|
|Android, Android TV OS and Fire OS||Install the Hexnode app from the device Play Store and enter the server URL. It will be of the form: yourportal.hexnodemdm.com. Follow the on-screen instructions to complete the device enrollment.|
|macOS||Enter the enrollment URL in the device browser and follow the on-screen instructions.|
|Windows 10 PCs & tablets||On your browser, enter the enrollment URL to download the Hexnode Installer app on the device. Follow the on-screen instructions to complete the device enrollment.|
|Windows Phone 10||Set up a workplace account in settings with your enrollment URL, and user email, mentioned at “Enroll > Platform-Specific > Windows PCs & Tablets > Open Enrollment”. The enrollment URL will look something like
Enrollment with Authentication
Users are required to enter their directory or local credentials while enrolling the device using authenticated enrollment. You can either send an enrollment request to the user with the server URL and enrollment instructions (Enrollment Request), or users can directly enroll with the credentials that are already known to them (Self Enrollment).
The admin can enable the enrollment request modes from Enroll > Settings:
- Email – The enrollment request will be sent as an email with authentication credentials such as enrollment URL, username, password and QR code.
- SMS – The enrollment request will be sent as an SMS with authentication credentials such as enrollment URL, username and password.
To set up authenticated enrollment using Hexnode
- Select the Authentication mode as Enforce Authentication from the Settings page under Enroll.
You’ll have the following options to be configured.
|Enrollment Request||AD User||The enrollment request containing the enrollment URL will be sent along with directions to enroll with the user’s AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.|
|Enrollment Request||Azure AD User||The enrollment request containing the enrollment URL will be sent along with the directions to enroll with their Azure AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.|
|Enrollment Request||Local User||The enrollment request contains enrollment URL, username, OTP (one-time password) and a QR code. If you are using the QR Code to enroll the device, you will not be asked to enter the enrollment URL, username and password.|
|Enrollment Request||Google User||The enrollment request containing the enrollment URL will be sent along with the instructions to enroll in Hexnode with their Google account credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices.|
|Enrollment Request||Okta User||The enrollment request containing the enrollment URL will be sent along with the instructions to enroll with their Okta credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices.|
|Self Enrollment||AD User||Here, the users enroll their devices with their dedicated AD credentials. The admin only needs to provide the enrollment URL to the users. This is the easiest way of enrollment with authentication.|
|Self Enrollment||Azure AD User||Here, the users enroll their devices with their dedicated Azure AD credentials. The admin only needs to provide the enrollment URL to the users.|
|Self Enrollment||Local User||Here, the admin can create a default user and a dedicated password manually. The devices can be enrolled with these credentials. The admin may only send the username, password and the enrollment URL as a bulk mail to the users.|
|Self Enrollment||Google User||Here, the users enroll their devices with their dedicated Google account credentials. The admin only needs to provide the enrollment URL to the users.|
|Self Enrollment||Okta User||Here, the users enroll their devices with their dedicated Okta credentials. The admin only needs to provide the enrollment URL to the users.|
|Device models allowed||The admin can specify the device models that are allowed to be enrolled in the portal. The available models are iPhone, iPad, iPod, macOS, tvOS, Windows Phone, Windows PCs & Tablets and Android.|
|Pre-approved devices only||The admin can specify if the enterprise only allows pre-approved devices to be enrolled in the portal.|
|Enforce assigned user||Enabling this option restricts the enrollment of devices to the user assigned during pre-approved enrollment of devices.
Note: Enable the option Enforce Authentication to configure this setting.
|Corporate||The admin can define if all the devices that enroll in the UEM are corporate-owned devices.|
|Personal||The admin can define if all the devices that enroll in the portal are personal devices.|
|Allow user to choose||The admin can let the user to choose the device’s ownership.|
|Choose while sending enrollment requests||The admin can choose the device ownership while sending enrollment requests.
Note: This option can only be selected if you choose to send enrollment request to users.
|Ownership type for self-enrollment
(Available only if ‘Choose while sending enrollment requests’ is selected)
|The admin can select the ownership of devices enrolled via self-enrollment as ‘Corporate’ or ‘Personal’.|
Apple Enrollment Type
Choose between Device Enrollment or User Enrollment for enrolling personal Apple devices. These options are only displayed if the Ownership is chosen as Personal.
|Device Enrollment||Toggle the option to enroll the device as a personal device.|
|User Enrollment||Enable this option to enroll personal iOS/iPadOS devices through Apple’s user enrollment.|
In case the Hexnode MDM agent has been removed from the device. On enrolling the device again, choose how it is to be added to the console.
|Enroll as a new device||Check this option to remove all the configurations set on the device and to enroll as a new device.|
|Retain configurations and change owner||Check this option to retain all the configurations set on the device while changing the device owner.|
After configuring the enrollment settings, save the settings and all the changes will be applied to the portal.
Co-managing Windows devices
Co-manage Windows PCs and tablets that are already enrolled in a UEM service other than Hexnode. Choose either of the options to unlock co-management with Hexnode.
|Enabled||This option facilitates co-management when the user initiates enrollment on a Windows device already enrolled with another UEM vendor.|
|Disabled||This setting restricts co-management of Windows 10 devices with Hexnode. The user cannot co-manage a device when this option is enabled.|
Sending Enrollment Request
After configuring the enrollment settings, we can start enrolling the device. For No Authentication Enrollment, the admin needs to provide the employees with the enrollment URL. For enrollment with authentication, the admin needs to send enrollment request to the users. You can do this in many ways
- Create user and send enrollment request one by one
- Integrate with the directory services and send enrollment request
- Upload CSV and enroll in bulk
- Pre-Approved Enrollment
Create user and send enrollment request one by one
This method will allow you to create a new user and send enrollment request immediately. We do not recommend this method for enrolling a large number of users. Instead, this will come in handy when you want to add a user occasionally.
- Go to Enroll > All Enrollments > Invite > Email.
- Select the domain.
- Choose Single User under Send enrollment request to users.
- Click on User and select +Add New User.
- Enter the details of the user and click on Create.
- Click on the Send button to send enrollment request to that user.
Integrate with directory services and send enrollment request
Once the users are imported to the Hexnode console, all you need to do is
- Go to Manage > Directory Services.
- Select the domain or OUs or groups.
- Click on Actions and select New Enrollment.
Bulk enrollment with CSV import
To send enrollment request to a large number of users you can also use bulk enrollment with CSV import.
- Go to Enroll > All Enrollments > Invite > Email.
- Select the domain.
- Under Send enrollment request to, switch the button to Bulk User.
- Upload the CSV file with all the users and their details. You can get a sample CSV file by clicking on Download sample CSV file.
You need to provide the following details regarding the user to send bulk enrollment request.
Field Name Description Name Provide the name of the user. Provide the email address of the user to whom enrollment requests are to be sent. Mobile Number Provide the mobile number of the user to whom enrollment requests are to be sent. Ownership Specify the device ownership type either as Personal or Corporate owned device. Device Name Provide a suitable name to identify your device. Password Set the password required for authentication.
- Click on Next and verify the details of the CSV uploaded.
- Choose the mode through which enrollment request are to be sent and click on Send.
A Sample CSV file will be of the following format.
The devices can be set as pre-approved for enrollment in the console. All the configuration settings and restrictions can be assigned to these pre-approved devices.
Just as the pre-approved devices get enrolled in the console, the assigned policies and configurations get automatically associated with the devices.