Product Documentation

Configuring Enrollment Modes

Mar 24, 2014

You can use the enrollment options in Device Manager to configure device enrollment modes. You can use the Enrollment feature to send enrollment notifications to groups of users. The notifications invite users to easily enroll their devices into Device Manager, use a download link for the Device Manager client software, and use a link to enroll by using their internal network credentials.

You can use the enrollment options to choose varying levels of security for Device Manager enrollment, such as a one-time PIN to ensure the identity of the user, or multi-factor authentication (user, password, and PIN).

When you send an enrollment invitation, Device Manager uses the default mode in the Options dialog box unless you first modify the enrollment mode before sending the notification. The following table lists the enrollment modes you can configure in Device Manager.

Enrollment mode Description

High Security

This enrollment mode sends the user the following three emails:

  • An email with a download link that allows the user to download and install the Connect client app.
  • An email with an enrollment invitation web address, that allows the user to launch the client app and enroll the user's device.
  • An email with a one-time PIN that the user must enter when enrolling the device, along with the user's Active Directory (or local) user name and password.

When using this method, the user can only enroll by using the web address in the notification. If the user loses the notification invitation, the user cannot enroll with the sent invitation. You can, however, send another invitation.

Invitation URL

This enrollment mode sends a single notification to the user that contains a web address that, when clicked, opens the Connect client app. The Device Manager server name and an Enroll button appears. The user taps Enroll to enroll the user's device into Device Manager.

Invitation URL + Password

This enrollment mode sends a single notification to the user that contains a web address that, when clicked, opens the Connect client app. The Device Manager server name appears, along with a field where the user must enter a password.

Invitation URL + PIN

This enrollment mode sends the following emails:

  • An email with an enrollment invitation web address that allows the user to download and open the client app, install the app and enroll the users' device in Device Manager
  • An email with a one-time PIN that the user must enter when enrolling the device, along with the user's Active Directory (or local) password.

Using this method, the user can only enroll by using the web address in the notification. If the user loses the notification invitation, the user cannot enroll with the sent invitation. You can, however, send another invitation.

Two Factor

This enrollment mode sends a single notification to the user that contains a web address and a one-time PIN. When the user clicks the web address, the Connect client app opens. The Device Manager server name appears, along with two fields where the user must enter a password and the PIN number.

Username + Password

This enrollment mode sends a single notification to the user that contains a web address that, when clicked, opens the Connect client app. The user then enters a user name and password to enroll the user's device into Device Manager.

Username + PIN

This enrollment mode sends the following emails:

  • An email with an enrollment invitation web address that allows the user to download and open the client app and then enter a user name and password to enroll the device into Device Manager.
  • An email with a one-time PIN that the user must enter when enrolling the device, along with the user's Active Directory (or local) password.

If the user loses the notification invitation, the user cannot enroll with the sent invitation. You can, however, send another invitation.