What users see after they login

Depending on the user portal role enabled, device users may have a different view of the user portal.

Welcome menu

The Welcome menu is in the top-right of the user portal. From this menu, you can perform the following actions:

If Register Device role is enabled

If the Register Device role is enabled, device users will be able to send an invitation from the user portal to register their device.

Figure 1. Send invitation to register

After the invitation is sent, the device status is seen as Pending.

Figure 2. Registration pending for device

Device users can complete the registration on their mobile device at https://<EPMM_Server_FQDN>/go.

Figure 3. Complete device registration

After registration is completed on the mobile device, the status for the device is changed to Active.

Figure 4. Active device status

Registration instructions

On iOS devices, Ivanti Mobile@Work is installed only if it was set up for distribution through  Ivanti EPMM. If not, users can download Ivanti Mobile@Work from the Apple App Store. Instructions for downloading Ivanti Mobile@Work from the Apple App Store are provided in the email sent to the device user.

If PIN-based registration is enabled

If PIN-based registration is enabled, device users will see Request Registration PIN.

Selecting Request PIN allows device users to send an invitation for registration as well as generate a PIN.

Figure 5. Registration with pin

Device users can complete the registration on their mobile device at https://<EPMM_Server_FQDN>/go. They will have to enter the PIN if prompted.

If QR-code registration is enabled

If Quick Response (QR) code-based registration is enabled, device users will see Generate QR Code. Selecting Generate QR Code allows device users to complete the device registration process.

When users log into the Self-service portal (SSP) home page, they can select one of two registration buttons:

  • Send Invitation – Receive registration information by SMS message and email.
  • Generate QR Code – Scan to be redirected to the appropriate registration page.

Users scan the QR code and are redirected to a browser to enter their pin or password:

  • iOS users: Once authenticated, iReg profile installation starts, completing device registration.
  • Android users: Once authenticated, the user is redirected to Google Play to download the registration app. Users open the app to complete device registration.

    Figure 6. Registration with QR code

If getting an Entrust derived credential is enabled

This feature is not supported on macOS devices.

If you enabled getting an Entrust derived credential in the System Manager, device users will see Request Derived Credential when they receive their registration PIN for a device. Before using the registration PIN to register Ivanti Mobile@Work to Ivanti EPMM, the device user should request a derived credential.

Figure 7. Request derived credentials

To get a derived credential:

  1. Select Request Derived Credential.

    The user is directed to the Entrust IdentityGuard self-service module URL that you specified in the System Manager.

  2. The user interacts with the Entrust self-service portal to get a derived credential, including naming the derived credential.

    The Entrust self-service portal provides a Derived Mobile Smart Credential Activation Password.

    Important: The user must record this password for later use in activating the derived credential.

  3. After recording the password, the user follows directions to indicate he is done.

    The user is directed back to the user portal. A brief message indicates whether getting the derived credential was successful. If it was successful, Request Derived Credential is disabled.

The user then does the following:

  1. Use Ivanti Mobile@Work to register the device to Ivanti EPMM.
  2. Use the PIV-D Entrust app on the device to activate the derived credential.

If Change Device Ownership role is enabled

If the Change Device Ownership role is enabled, device users will see the option to change the device ownership.

Figure 8. Change device ownership option

Selecting Change Ownership allows the user to change the device ownership.

Figure 9. change device ownership settings

User Portal, change device ownership settings

If Default ownership for devices is enabled for Device users

If your device administrator has enabled Default ownership for devices registered at the user self-service portal for Employees, you can modify the default ownership for the device, from Employee to Company and back. By default, that information is not editable by the device user. For information about the administrator settings on the Registration page, see "Understanding the Registration page" in the Devices chapter of Getting Started with Ivanti EPMM.

If generating a one-time PIN for resetting the secure apps passcode is enabled

If you have configured Ivanti EPMM as described in What is the self-service user portal?, the device user sees the option Reset Secure Apps Passcode. This option is among the device management actions presented to the user for iOS and Android devices.

Figure 10. Reset secure apps passcode

Reset secure apps passcode


  1. Select Reset Secure Apps Passcode.
  2. On the next screen, select the button Reset Secure Apps Passcode.
  3. A dialog box displays containing the one-time PIN.
  4. In Ivanti Mobile@Work on an iOS device, or in the Secure Apps Manager on an Android device, follow the instructions for resetting a forgotten secure apps passcode.
  5. When prompted for user credentials, enter the user name and the one-time PIN.
  6. Follow the instructions to create a new secure apps passcode.

What client users see after registering their device

The user portal displays:

  • Icons for each device management action the user is allowed to perform.
  • User and device information, including:
    • Device type (iPod touch, 4th gen in the example)
    • Status (Active, for example)
    • Last check-in (example, 2 hours ago)
    • Phone number
    • OS and version (to 3 digits, iOS 7.1.1, for example)
    • Carrier (for example, AT&T)
    • IMEI value, if applicable
    • Manufacturer
    • Date the device was registered with Ivanti EPMM
  • Accounts settings and certificates uploaded by the device user.
  • Helpdesk contact information configured by the Ivanti EPMM administrator.

Figure 11. User portal showing user's device information

User portal showing user's device information