Registering iOS and macOS devices through the web

Web-based registration is the process of registering iOS and macOS devices in bulk for large deployments. The benefits of this style of registration include:

  • iTunes accounts are not required
  • No end-user interaction is required

The MDM profile applied to macOS devices following registration is only applicable to the device user logged in to the device, not to the device itself. In effect, this means that devices running macOS and registered with Ivanti EPMM do not allow multi-user support.

For registering macOS devices using [email protected], see Registering macOS devices with Ivanti EPMM using [email protected] for macOS.

Before you begin 

Because users will be informed of the registration via email before they receive the device, consider turning off user notification when you bulk register devices. As an alternative, consider editing the registration template or informing users that they should ignore the email. See Customizing registration messages for information on editing the template.

Web-based registration requires a Safari browser on the device.

Procedure

  1. In the Admin Portal, go to Settings > System Settings > Users & Devices > Device Registration.
  2. Select the device registration settings that are relevant to your devices:
  3. Item

    Description

    Enable Server Name Lookup

    Select to enable server name lookup during registration. Enabling the Server Name Lookup makes registration easier by automatically filling in the server address for the device user. Administrators will need to follow important, specific instructions for this feature. Please see Enabling Server Name Lookup.

    Allow registration when password change is required

    When a device user logs in for the first time, he/she will be asked to update the password for the next login. Selecting this field allows Ivanti EPMM to authenticate the device user and completes enrollment. This is limited to device registrations only. Disabled by default.

    Restrict device registrations by enrollment type

    Select this option to restrict device registrations by enrollment type. Once checked, three additional checkboxes appear. Select all that apply:

    • Apple devices that are part of the Automated Device Enrollment Program

    • Android devices that are part of the Google Zero Touch

    • Android devices that are part of Samsung Knox Mobile Enrollment

    Display QR Code and Registration URL

    Enabled by default. When enabled, your users have access to a registration URL and QR code in their registration invitation.

    In-App Registration Requirement

    Select an authentication option for devices registering with Ivanti EPMM through [email protected]:

    Password: Select to enable authentication through [email protected] using a password only.

    Registration PIN: Select to enable authentication through [email protected] using only a PIN.

    Password and Registration PIN: Select to enable authentication through [email protected] using both a password and a PIN.

    Note the following:

    Registration PINs are valid for four hours. If a device user launches [email protected] for iOS within four hours of web-based registration, the user does not need to re-enter credentials.

    In-app registration does not apply to macOS devices.

    Allow silent in-app registration only once. (iOS and macOS)

    Consider this extra security option if you are:

    including [email protected] for iOS and macOS in the Ivanti EPMM App Catalog and

    sending an installation request to devices after device users complete registration, such as with web-based registration.

    In this case, device users do not have to reenter their credentials when they launch [email protected] However, you can limit this silent registration with [email protected] to one time only by selecting this option.

    Silent in-app registration time limit (minutes) (iOS and macOS)

    Allows the administrator to specify the silent registration grace period. The minimum can be 1 minute, the maximum 525600 minutes (365 days). The default value is 240 minutes (4 hours).

    Apple Web-Based Registration Requirement

    Select an authentication option for devices registering with Ivanti EPMM through the web:

    • Password: Select to enable authentication through the web using a password only.
    • Registration PIN: Select to enable authentication through the web using only a PIN.
    • Password and Registration PIN: Select to enable authentication through the web using both a password and a PIN.
    • User and Registration PIN: Select to enable authentication through the web using both their user name and a PIN.

    These options also apply to macOS devices.

  4. Click Save.
  5. Apply the iOS or macOS label(s).
  6. Bulk register the devices on Ivanti EPMM.
  7. See “Bulk device registration” in the Getting Started with Ivanti EPMM for information on using bulk registration.

    After these devices are registered, they will appear in the Devices & Users > Devices page with a status of Pending.

  8. Create a pending device report.
  9. On each device, point the browser to the following URL:

    https://<fully-qualified domain name for Ivanti EPMM>/go

    The registration screen appears.

  10. Enter the requested information for the user who will receive the device.

    The registration screen appears.

  11. Instruct the device user to enter the requested information.
  12. Instruct the device user to tap or click Register.

    If a terms of service agreement has been defined, it is displayed here.

  13. Instruct the device user to tap or click Accept.
  14. Instruct the device user to follow the on-screen instructions for installing the relevant device management profiles.

Next steps

Create a pending device report

Create a pending device report

This feature is supported on macOS devices.

A pending device report is used to list the username and the PIN and/or password you will need to complete the registration process on each user’s behalf.

Procedure

  1. Go to Devices & Users > Devices.
  2. Open Advanced Search by clicking the advanced search icon.
  3. Using the query builder, select the following:
    • Select Status for Field
    • Select Equals for Operator
    • Select Pending for Value
  4. Click Search. The devices in pending state are shown in the table.
  5. To download this report in CSV format, click Export To CSV. The report includes the PIN and/or password required to complete registration, as appropriate.

Next steps

For iOS devices, proceed to In-app registration for iOS .