Category Filter

How to set up device enrollment in Hexnode?

To manage, monitor, and secure devices using Hexnode, they have to be first enrolled in the UEM. Enrollment is the process of establishing a connection between the device and the Hexnode portal. Once a device is enrolled, Hexnode will set up secure communication with the device through which all the managerial actions can be sent to the device. Hexnode supports the enrollment of iOS, Android, macOS, Fire OS, Apple TV, and Windows 10 devices.

The Settings page under Enroll tab in Hexnode lets you configure the settings related to device enrollment prior to adding them in Hexnode.

You can configure the following settings prior to device enrollment in the Hexnode console:

  • Enrollment Request Modes
  • Enrollment Authentication Modes
  • Enrollment Restrictions
  • Enrollment Ownership
  • Re-enrollment Options

Enrollment Settings

To configure the enrollment settings in Hexnode,

  1. Navigate to Enroll > Settings.
  2. Configure the required settings and click on Save.

No Authentication Enrollment – The fast and easy way for enrollment

No authentication enrollment is one of the easiest ways to add devices in Hexnode. Users can enroll their device by just entering the Hexnode enrollment server URL.

To set up no authentication enrollment,

  1. Select the Authentication mode as No Authentication in the Settings page under Enroll tab.
  2. Select the user domain.
  3. Select a default user from the drop-down and specify a default password.

If no user is specified, on enrolling, the device will be assigned to the “Default User”.

If you have set up a default user, all the devices that you are enrolling will be assigned to the same default user.

The configured default password is for enrolling a Windows device in Hexnode.

How to enroll a device using open enrollment

Enrollment URL: https://.hexnodemdm.com/enroll (For iOS, Windows PCs & Tablets and macOS)

Platform Enrollment Procedure
iOS Enter your enrollment URL in Safari browser and follow the on-screen instructions to enroll the device.
Android and Fire OS Install the Hexnode app from the device Play Store and enter the server URL. It will be of the form: yourportal.hexnodemdm.com. Follow the on-screen instrucations to complete the device enrollment.
macOS Enter the enrollment URL in the device browser and follow the on-screen instructions.
Windows 10 PCs & tablets On your browser, enter the enrollment URL to download the Hexnode Installer app on the device. Follow the on-screen instructions to complete the device enrollment.
Windows Phone 10 Set up a workplace account in settings with your enrollment URL, and user email, mentioned at “Enroll > Platform-Specific > Windows PCs & Tablets > Open Enrollment”. The enrollment URL will look something like

https://yourportal.hexnodemdm.com

Note:

To send an enrollment request containing the QR code or enrollment URL to the users, navigate to Manage > select Users/User Groups/Directory Services > Actions > New Enrollment..

Enrollment with Authentication

Users are required to enter their directory or local credentials while enrolling the device using authenticated enrollment. You can either send an enrollment request to the user with the server URL and enrollment instructions (Enrollment Request), or users can directly enroll with the credentials that are already known to them (Self Enrollment).

The admin can enable the enrollment request modes from Enroll > Settings:

  • Email – The enrollment request will be sent as an mail with authentication credentials such as enrollment URL, username, password and QR code.
  • SMS – The enrollment request will be sent as an SMS with authentication credentials such as enrollment URL, username and password.

To set up authenticated enrollment using Hexnode

  1. Select the Authentication mode as Enforce Authentication from the Settings page under Enroll.

You’ll have the following options to be configured.

Enrollment type User Description
Enrollment Request AD User The enrollment request containing the enrollment URL will be sent along with directions to enroll with the user’s AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.
Enrollment Request Azure AD User The enrollment request containing the enrollment URL will be sent along with the directions to enroll with their Azure AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL.
Enrollment Request Local User The enrollment request contains enrollment URL, username, OTP (one-time password) and a QR code. If you are using the QR Code to enroll the device, you will not be asked to enter the enrollment URL, username and password.
Enrollment Request Google User The enrollment request containing the enrollment URL will be sent along with the instructions to enroll in Hexnode with their Google account credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices.
Enrollment Request Okta User The enrollment request containing the enrollment URL will be sent along with the instructions to enroll with their Okta credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices.
Self Enrollment AD User Here, the users enroll their devices with their dedicated AD credentials. The admin only needs to provide the enrollment URL to the users. This is the easiest way of enrollment with authentication.
Self Enrollment Azure AD User Here, the users enroll their devices with their dedicated Azure AD credentials. The admin only needs to provide the enrollment URL to the users.
Self Enrollment Local User Here, the admin can create a default user and a dedicated password manually. The devices can be enrolled with these credentials. The admin may only send the username, password and the enrollment URL as a bulk mail to the users.
Self Enrollment Google User Here, the users enroll their devices with their dedicated Google account credentials. The admin only needs to provide the enrollment URL to the users.
Self Enrollment Okta User Here, the users enroll their devices with their dedicated Okta credentials. The admin only needs to provide the enrollment URL to the users.

Enrollment Restrictions

Restrictions Description
Device models allowed The admin can specify the device models that are allowed to be enrolled in the portal. The available models are iPhone, iPad, iPod, macOS, tvOS, Windows Phone, Windows PCs & Tablets and Android.
Pre-approved devices only The admin can specify if the enterprise only allows pre-approved devices to be enrolled in the portal.
Enforce assigned user Enabling this option restricts the enrollment of devices to the user assigned during pre-approved enrollment of devices.

Note: Enable the option Enforce Authentication to configure this setting.

Enrollment Ownership

Ownership Description
Corporate The admin can define if all the devices that enroll in the UEM are corporate-owned devices.
Personal The admin can define if all the devices that enroll in the portal are personal devices.
Allow user to choose The admin can let the user to choose the device’s ownership.
Choose while sending enrollment requests The admin can choose the device ownership while sending enrollment requests.

Note: This option can only be selected if you choose to send enrollment request to users.

Ownership type for self-enrollment

(Available only if ‘Choose while sending enrollment requests’ is selected)

The admin can select the ownership of devices enrolled via self-enrollment as ‘Corporate’ or ‘Personal’.

Re-enrollment Options

In case the Hexnode MDM agent has been removed from the device. On enrolling the device again, choose how it is to be added to the console.

Device Status Description
Enroll as a new device Check this option to remove all the configurations set on the device and to enroll as a new device.
Retain configurations and change owner Check this option to retain all the configurations set on the device while changing the device owner.

After configuring the enrollment settings, save the settings and all the changes will be applied to the portal.

Sending Enrollment Request

After configuring the enrollment settings, we can start enrolling the device. For No Authentication Enrollment, the admin needs to provide the employees with the enrollment URL. For enrollment with authentication, the admin needs to send enrollment request to the users. You can do this in many ways

  1. Create user and send enrollment request one by one
  2. Integrate with the directory services and send enrollment request
  3. Upload CSV and enroll in bulk
  4. Pre-Approved Enrollment

Create user and send enrollment request one by one

This method will allow you to create a new user and send enrollment request immediately. We do not recommend this method for enrolling a large number of users. Instead, this will come in handy when you want to add a user occasionally.

  1. Go to Enroll > All Enrollments > Invite > Email.
  2. Select the domain.
  3. Choose Single User under Send enrollment request to users.
  4. Click on User and select +Add New User.
  5. Enter the details of the user and click on Create.
  6. Click on the Send button to send enrollment request to that user.

Integrate with directory services and send enrollment request

The directory integration is the most preferred way of enrollment by enterprises. Users can be imported quite easily to the Hexnode console with AD, Azure AD, Google and Okta integration.
.

Once the users are imported to the Hexnode console, all you need to do is

  1. Go to Manage > Directory Services.
  2. Select the domain or OUs or groups.
  3. Click on Actions and select New Enrollment.

Bulk enrollment with CSV import

To send enrollment request to a large number of users you can also use bulk enrollment with CSV import.

  1. Go to Enroll > All Enrollments > Invite > Email.
  2. Select the domain.
  3. Under Send enrollment request to, switch the button to Bulk User.
  4. Upload the CSV file with all the users and their details. You can get a sample CSV file by clicking on Download sample CSV file.
    You need to provide the following details regarding the user to send bulk enrollment request.
    Field Name Description
    Name Provide the name of the user.
    Email Provide the email address of the user to whom enrollment requests are to be sent.
    Mobile Number Provide the mobile number of the user to whom enrollment requests are to be sent.
    Ownership Specify the device ownership type either as Personal or Corporate owned device.
    Device Name Provide a suitable name to identify your device.
    Password Set the password required for authentication.
  5. Click on Next and verify the details of the CSV uploaded.
  6. Choose the mode through which enrollment request are to be sent and click on Send.

Notes:


If more than one entry in the CSV file has the same email address and a user exists with the same email, the last entry corresponding to the email address in the CSV file will be updated as the user details. If such a user is not yet created in Hexnode UEM, the user is automatically created and the last entry corresponding to the email address in the CSV file will be updated as the user details.

In both these cases, enrollment requests are sent for each of the entries for the same user. If you have 100 entries with the same email, 100 enrollment requests will be sent to the same email, but only a single user will be created.

A Sample CSV file will be of the following format.


Sample CSV file


Note:

Bulk Enrollment with CSV Import can also be carried out for enrolling devices directly into device groups. Check out Bulk Enrollment with CSV Import for Device Groups.

Pre-Approved Enrollment

The devices can be set as pre-approved for enrollment in the console. All the configuration settings and restrictions can be assigned to these pre-approved devices.
Just as the pre-approved devices get enrolled in the console, the assigned policies and configurations get automatically associated with the devices.