Category filter
How to set up device enrollment in Hexnode?
To manage, monitor, and secure devices using Hexnode, they have to be first enrolled in the UEM. Enrollment is the process of establishing a connection between the device and the Hexnode portal. Once a device is enrolled, Hexnode will set up secure communication with the device through which all the managerial actions can be sent to the device. Hexnode supports the enrollment of iOS, Android, macOS, Fire OS, Apple TV, Android TV OS and Windows devices.
The Settings page under Enroll tab in Hexnode lets you configure the settings related to device enrollment prior to adding them in Hexnode.
You can configure the following settings prior to device enrollment in the Hexnode console:
- Enrollment Request Modes
- Enrollment Authentication Modes
- Enrollment Restrictions
- Enrollment Ownership
- Re-enrollment Options
- Co-managing Windows devices
Enrollment Settings
To configure the enrollment settings in Hexnode,
- Navigate to Enroll > Settings.
- Configure the required settings and click on Save.
No Authentication Enrollment – The fast and easy way for enrollment
No authentication enrollment is one of the easiest ways to add devices in Hexnode. Users can enroll their device by just entering the Hexnode enrollment server URL.
To set up no authentication enrollment,
- Select the Authentication mode as No Authentication in the Settings page under Enroll tab.
- Select the user domain.
- Select a default user from the drop-down and specify a default password.
If no user is specified, on enrolling, the device will be assigned to the “Default User”.
If you have set up a default user, all the devices that you are enrolling will be assigned to the same default user.
The configured default password is for enrolling a Windows device in Hexnode.
How to enroll a device using open enrollment
Enrollment URL: https://
| Platform | Enrollment Procedure |
|---|---|
| iOS | Enter your enrollment URL in Safari browser and follow the on-screen instructions to enroll the device. |
| Android, Android TV OS and Fire OS | Install the Hexnode app from the device Play Store and enter the server URL. It will be of the form: yourportal.hexnodemdm.com. Follow the on-screen instructions to complete the device enrollment. |
| macOS | Enter the enrollment URL in the device browser and follow the on-screen instructions. |
| Windows 10/11 PCs & tablets | On your browser, enter the enrollment URL to download the Hexnode Installer app on the device. Follow the on-screen instructions to complete the device enrollment. |
To send an enrollment request containing the QR code or enrollment URL to the users, navigate to Manage > select Users/User Groups/Directory Services > Actions > New Enrollment.
Enrollment with Authentication
Users are required to enter their directory or local credentials while enrolling the device using authenticated enrollment. You can either send an enrollment request to the user with the server URL and enrollment instructions (Enrollment Request), or users can directly enroll with the credentials that are already known to them (Self Enrollment).
The admin can enable the enrollment request modes from Enroll > Settings:
- Email – The enrollment request will be sent as an email with authentication credentials such as enrollment URL, username, password and QR code.
- SMS – The enrollment request will be sent as an SMS with authentication credentials such as enrollment URL, username and password.
To set up authenticated enrollment using Hexnode
- Select the Authentication mode as Enforce Authentication from the Settings page under Enroll.
You’ll have the following options to be configured.
| Enrollment type | User | Description |
|---|---|---|
| Enrollment Request | AD User | The enrollment request containing the enrollment URL will be sent along with directions to enroll with the user’s AD credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL. |
| Enrollment Request | Microsoft Entra ID User | The enrollment request containing the enrollment URL will be sent along with the directions to enroll with their Microsoft Entra ID credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL. |
| Enrollment Request | Local User | The enrollment request contains enrollment URL, username, OTP (one-time password) and a QR code. If you are using the QR Code to enroll the device, you will not be asked to enter the enrollment URL, username and password. |
| Enrollment Request | Google User | The enrollment request containing the enrollment URL will be sent along with the instructions to enroll in Hexnode with their Google account credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices. |
| Enrollment Request | Okta User | The enrollment request containing the enrollment URL will be sent along with the instructions to enroll with their Okta credentials. A QR code will be available in the mail, so that users can scan the code instead of typing the URL for enrolling Android devices. |
| Self Enrollment | AD User | Here, the users enroll their devices with their dedicated AD credentials. The admin only needs to provide the enrollment URL to the users. This is the easiest way of enrollment with authentication. |
| Self Enrollment | Microsoft Entra ID User | Here, the users enroll their devices with their dedicated Microsoft Entra ID credentials. The admin only needs to provide the enrollment URL to the users. |
| Self Enrollment | Local User | Here, the admin can create a default user and a dedicated password manually. The devices can be enrolled with these credentials. The admin may only send the username, password and the enrollment URL as a bulk mail to the users. |
| Self Enrollment | Google User | Here, the users enroll their devices with their dedicated Google account credentials. The admin only needs to provide the enrollment URL to the users. |
| Self Enrollment | Okta User | Here, the users enroll their devices with their dedicated Okta credentials. The admin only needs to provide the enrollment URL to the users. |
Enrollment Restrictions
| Restrictions | Description |
|---|---|
| Device models allowed | The admin can specify the device models that are allowed to be enrolled in the portal. The available models are iPhone, iPad, iPod, macOS, tvOS, Windows PCs & Tablets and Android. |
| Pre-approved devices only | The admin can specify if the enterprise only allows pre-approved devices to be enrolled in the portal. |
| Enforce assigned user | Enabling this option restricts the enrollment of devices to the user assigned during pre-approved enrollment of devices.
Note: Enable the option Enforce Authentication to configure this setting. |
Enrollment Ownership
| Ownership | Description |
|---|---|
| Corporate | The admin can define if all the devices that enroll in the UEM are corporate-owned devices. |
| Personal | The admin can define if all the devices that enroll in the portal are personal devices. |
| Allow user to choose | The admin can let the user to choose the device’s ownership. |
| Choose while sending enrollment requests | The admin can choose the device ownership while sending enrollment requests.
Note: This option can only be selected if you choose to send enrollment request to users. |
| Ownership type for self-enrollment
(Available only if ‘Choose while sending enrollment requests’ is selected) |
The admin can select the ownership of devices enrolled via self-enrollment as ‘Corporate’ or ‘Personal’. |
Apple Enrollment Type
Choose between Device Enrollment or User Enrollment for enrolling personal Apple devices. These options are only displayed if the Ownership is chosen as Personal.
| Enrollment type | Description |
|---|---|
| Device Enrollment | Toggle the option to enroll the device as a personal device. |
| User Enrollment | Enable this option to enroll personal iOS/iPadOS devices through Apple’s user enrollment. |
Re-enrollment Options
In case the Hexnode MDM agent has been removed from the device. On enrolling the device again, choose how it is to be added to the console.
| Device Status | Description |
|---|---|
| Enroll as a new device | Check this option to remove all the configurations set on the device and to enroll as a new device. |
| Retain configurations and change owner | Check this option to retain all the configurations set on the device while changing the device owner. |
After configuring the enrollment settings, save the settings and all the changes will be applied to the portal.
Co-managing Windows devices
Co-manage Windows PCs and tablets that are already enrolled in a UEM service other than Hexnode. Choose either of the options to unlock co-management with Hexnode.
| Co-management | Description |
|---|---|
| Enabled | This option facilitates co-management when the user initiates enrollment on a Windows device already enrolled with another UEM vendor. |
| Disabled | This setting restricts co-management of Windows 10/11 devices with Hexnode. The user cannot co-manage a device when this option is enabled. |
Sending Enrollment Request
After configuring the enrollment settings, we can start enrolling the device. For No Authentication Enrollment, the admin needs to provide the employees with the enrollment URL. For enrollment with authentication, the admin needs to send enrollment request to the users. You can do this in many ways
- Create user and send enrollment request one by one
- Integrate with the directory services and send enrollment request
- Upload CSV and enroll in bulk
- Pre-Approved Enrollment
Create user and send enrollment request one by one
This method will allow you to create a new user and send enrollment request immediately. We do not recommend this method for enrolling a large number of users. Instead, this will come in handy when you want to add a user occasionally.
- Go to Enroll > All Enrollments > Invite > Email.
- Select the domain.
- Choose Single User under Send enrollment request to users.
- Click on User and select +Add New User.
- Enter the details of the user and click on Create.
- Click on the Send button to send enrollment request to that user.
Integrate with directory services and send enrollment request
The directory integration is the most preferred way of enrollment by enterprises. Users can be imported quite easily to the Hexnode console with AD, Microsoft Entra ID, Google and Okta integration.
.
Once the users are imported to the Hexnode console, all you need to do is
- Go to Manage > Directory Services.
- Select the domain or OUs or groups.
- Click on Actions and select New Enrollment.
Bulk enrollment with CSV import
To send enrollment request to a large number of users you can also use bulk enrollment with CSV import.
- Go to Enroll > All Enrollments > Invite > Email.
- Select the domain.
- Under Send enrollment request to, switch the button to Bulk User.
- Upload the CSV file with all the users and their details. You can get a sample CSV file by clicking on Download sample CSV file.
You need to provide the following details regarding the user to send bulk enrollment request.Field Name Description Name Provide the name of the user. Email Provide the email address of the user to whom enrollment requests are to be sent. Mobile Number Provide the mobile number of the user to whom enrollment requests are to be sent. Ownership Specify the device ownership type either as Personal or Corporate owned device. Device Name Provide a suitable name to identify your device. Password Set the password required for authentication. - Click on Next and verify the details of the CSV uploaded.
- Choose the mode through which enrollment request are to be sent and click on Send.
If more than one entry in the CSV file has the same email address and a user exists with the same email, the last entry corresponding to the email address in the CSV file will be updated as the user details. If such a user is not yet created in Hexnode UEM, the user is automatically created and the last entry corresponding to the email address in the CSV file will be updated as the user details.
In both these cases, enrollment requests are sent for each of the entries for the same user. If you have 100 entries with the same email, 100 enrollment requests will be sent to the same email, but only a single user will be created.
A Sample CSV file will be of the following format.
Bulk Enrollment with CSV Import can also be carried out for enrolling devices directly into device groups. Check out Bulk Enrollment with CSV Import for Device Groups.
Pre-Approved Enrollment
The devices can be set as pre-approved for enrollment in the console. All the configuration settings and restrictions can be assigned to these pre-approved devices.
Just as the pre-approved devices get enrolled in the console, the assigned policies and configurations get automatically associated with the devices.
