Invite Enrollment (BYOD Enrollment)
Invite enrollment can be used for enrolling Bring Your Own Device (BYOD) or Corporate Owned Personally Enabled (COPE) devices. It can be helpful when an administrator needs to enroll devices of contract employees or devices that are not a part of the directory services. For devices enrolled using Invite enrollment, the organisation can only manage the Corporate Workspace.
Some benefits of using the Invite enrollment are:
- By separating business and personal data into virtual containers on the device, it ensures corporate data security while maintaining user privacy.
- Users can perform this enrollment easily from anywhere.
- There's no need to factory reset the device and requires minimal or no admin intervention.
- OS Independent invites can be sent for enrolling any device, irrespective of OS (Android, iOS, iPad OS, macOS and Windows).This provides a holistic enrollment process for users on any platform and can be beneficial when the administrator is unaware of the OS of the device.
By myself
The By myself enrollment method can be used by admin or technicians to directly enroll the users. This can be beneficial to assess and test the functionality of the software when the Mobile Device Manager Plus console is used for the first time.
The devices enrolled By myself are mapped to the admin, and their details can later be changed if required.
Single User
Single user invite enrollment can used in scenarios like enrolling the devices of some employees who are not going to be a part of your organisation permanently, or if there are a few employees who are not yet a part of the organsiation's directory Services.
There are 2 methods for single invite enrollment:
Note:
The Invite enrollment can be sent by both Email or SMS for ME MDM Cloud user. However for ME MDM On-Premises, only the Email Invite option is available. Therefore in case of On-Premises, the mail server should be configured before sending Email invite enrollments.
Email Invite
For enrolling a device by email , the admin sends an enrollment request to the e-mail address of the user, whose device is to be enrolled. The user should then follow the instructions specified in the mail, to enroll the device with MDM.
For better understanding, view the sample email invite template sent to a user below:
SMS Invite
For enrolling a device by SMS , the admin needs to send an enrollment request to the phone number of the user, whose device is to be enrolled. The user then follows the instructions specified in the SMS, to enroll the device with MDM.
For better understanding, view the sample SMS invite template sent to a user below :
How to send Invite Enrollment :
For first Invite enrollment:
- Open the MDM Console, navigate to the Enrollment tab and choose the OS version.
- Under the Workspace Management, choose Invite Enrollment option.
- Select the Invite type, as either by Email or SMS or both.
- Add the user details. If your organisation is using a directory service, the details shall be synced automatically from the directory. Otherwise the details should be added manually using the User section in the Enrollment tab.
- The Mail Template can be configured as per the requirement of the organisation by clicking the Configure Enrollment Mail Template icon on the MDM console.
- In addition the devices can also be assigned to their respective device group before sending the invite enrollment.
For subsequent Invite enrollments:
- Open the MDM Console, and navigate to the Enrollment tab.
- Click on the Enroll Device and choose the OS version.
- On the Invite page, under the option Device to be enrolled, select Through user invites.
- Select the Invite type, as either by Email or SMS or both. Then add the User details. If your organisation is using any directory services the details shall be synced automatically from it. Otherwise the details should be added manually using the Users section in the Enrollment tab.
- The Mail Template can be configured as per the requirement of the organisation by clicking the Configure Enrollment Mail Template icon in the MDM console.
- In addition the devices can also be assigned to their respective device group before sending the invite Enrollment.
Multiple Users (Bulk Invite)
For enrolling multiple BYOD with workspace management, the Bulk Invite enrollment is the appropriate method.
With Directory Services
If your organization is using a directory service such as Zoho Directory, then Self Enrollment can be used to enroll the devices.
Without Directory Services
CSV Invite/ Bulk Invite :
If your organisation does not use a directory service, multiple users can be enrolled by sending Bulk Enrollment invites through a Comma Separated Value (CSV) file. This can be beneficial to enroll devices which are purchased in bulk ,but are only container managed such as COPE devices.
Sample CSV Format
The sample CSV format is as specified below:
USER_NAME,DOMAIN_NAME,EMAIL_ADDRESS,OWNED_BY,GROUP_NAME,PLATFORM_TYPE,PHONE_NUMBER
For example - ANDREW,andrew@mobiledevicemanagerplus.com,Personal,IOS_Group,iOS,+1-111
How to send Bulk Enrollment invites :
- Open the MDM Console, and navigate to the Enrollment tab.
- Click on 3 dotted icon, and choose the Bulk Enrollment.
- Now upload the CSV file, containing the details of invitees, and click Import.
- The invites shall be sent, and its status can be viewed as a header below the Enrollment tab.
Please take note of the following guidelines while creating the CSV file to avoid errors :
- The fields User Name, Email Address and Platform Type fields are mandatory (Platform types are iOS/Android/ Windows/Neutral).
- Additionally, there can be optional fields such as Owned By, Domain name and Group Name. The default value of Owned by shall be Corporate, while the other optional fields shall be un-assigned.
- The column headers should be in BLOCK LETTERS.
- The first row of the CSV is the column header and the columns can be in any order.
- Blank column values should be comma separated.
- If the column value contains comma, it should be specified within quotes.
Note:
The Bulk Invite enrollment method using CSV file can also be used to enroll multiple devices with multiple users.
Enrollment Steps for User
Once the user receives the invite mail or SMS, these are the steps the user should follow to enroll the device :
Android
- Install the ManageEngine MDM app from the Play Store.
- Scan the QR code using the ME MDM app, or access the provided URL.
- The user should use the authentication protocol pre-set (by the admin) to verify themselves and enroll their devices in MDM.
iOS
- Scan QR from the native camera app and download the MDM profile (The MDM profile shall be downloaded using the Safari browser).
- Install the MDM profile from device Settings: General Settings >VPN and Device Management > Profile
- The user should use authentication protocol pre-set (by the admin) to verify themselves and enroll their devices in MDM.
Authentication Protocols
Authentication is significant in verifying whether the device is mapped to the right user, and prevent unauthorized access to the corporate data and work apps.
The admin can set the authentication protocol in the Enrollment settings:
MDM Console>Enrollment>Enrollment Settings>Authentication.
With ME MDM User invites, there are 3 different methods which can be used to authenticate the user during the device enrollment as explained here.
FAQ
- Can a corporate device be enrolled via Invite enrollment?
- How can we enroll a user with multiple BYOD Devices?
- How can we enroll multiple users with multiple BYOD Devices
- How can the admin enroll a device if they're unaware of its OS?
Yes. A corporate device can be enrolled using the Invite enrollment, but only the work space can be managed , leading to limited capabilities in managing the device.
For full device management, enroll devices using Corporate Device Enrollment methods.
Only one device can be enrolled per invite. In a scenario where a single user with multiple BYOD devices needs to be enrolled, the admin should sent multiple invites to the user.
In a scenario where multiple users with multiple BYOD needs to be enrolled, the Bulk Invite method can be used. This can be accomplished by altering the necessary fields—such as the platform type—while maintaining the same user name, email address, etc.
In this scenario the admin can send an OS Independent invites.