What users see after they login
Depending on the user portal role enabled, device users may have a different view of the user portal.
The Welcome menu is in the top-right of the user portal. From this menu, you can perform the following actions:
- View Activity - See a list of all device activity. See If Register Device role is enabled.
- Helpdesk - Configure the help desk contact information to display in the user portal. See Configuring help desk contact information.
- Settings - View user portal settings.
- Sign Out - Sign out of the self-service user portal.
If Register Device role is enabled
If the Register Device role is enabled, device users will be able to send an invitation from the user portal to register their device.
Figure 1. Send invitation to register
After the invitation is sent, the device status is seen as Pending.
Figure 2. Registration pending for device
Device users can complete the registration on their mobile device at https://<EPMM_Server_FQDN>/go.
Figure 3. Complete device registration
After registration is completed on the mobile device, the status for the device is changed to Active.
Figure 4. Active device status
On iOS devices, [email protected] is installed only if it was set up for distribution through Ivanti EPMM. If not, users can download [email protected] from the Apple App Store. Instructions for downloading [email protected] from the Apple App Store are provided in the email sent to the device user.
If PIN-based registration is enabled
If PIN-based registration is enabled, device users will see Request Registration PIN. Selecting Request Registration PIN allows device users to send an invitation for registration as well as generate a PIN.
Figure 5. Registration with pin
Device users can complete the registration on their mobile device at https://<EPMM_Server_FQDN>/go. They will have to enter the PIN if prompted.
If QR-code registration is enabled
If Quick Response (QR) code-based registration is enabled, device users will see Generate QR Code. Selecting Generate QR Code allows device users to complete the device registration process.
When users log into the Self-service portal (SSP) home page, they can select one of two registration buttons:
- Send Invitation – Receive registration information by SMS message and email.
- Generate QR Code – Scan to be redirected to the appropriate registration page.
Users scan the QR code and are redirected to a browser to enter their pin or password:
- iOS users: Once authenticated, iReg profile installation starts, completing device registration.
- Android users: Once authenticated, the user is redirected to Google Play to download the registration app. Users open the app to complete device registration.
Figure 6. Registration with QR code
If getting an Entrust derived credential is enabled
This feature is not supported on macOS devices.
If you enabled getting an Entrust derived credential in the System Manager, device users will see Request Derived Credential when they receive their registration PIN for a device. Before using the registration PIN to register [email protected] to Ivanti EPMM, the device user should request a derived credential.
Figure 7. Request derived credentials
To get a derived credential:
Select Request Derived Credential.
The user is directed to the Entrust IdentityGuard self-service module URL that you specified in the System Manager.
The user interacts with the Entrust self-service portal to get a derived credential, including naming the derived credential.
The Entrust self-service portal provides a Derived Mobile Smart Credential Activation Password.
Important: The user must record this password for later use in activating the derived credential.
After recording the password, the user follows directions to indicate he is done.
The user is directed back to the user portal. A brief message indicates whether getting the derived credential was successful. If it was successful, Request Derived Credential is disabled.
The user then does the following:
- Use [email protected] to register the device to Ivanti EPMM.
- Use the PIV-D Entrust app on the device to activate the derived credential.
If Change Device Ownership role is enabled
If the Change Device Ownership role is enabled, device users will see the option to change the device ownership.
Figure 8. Change device ownership option
Selecting on Change Ownership allows the user to change the device ownership.
Figure 9. change device ownership settings
If Default ownership for devices is enabled for Device users
If your device administrator has enabled Default ownership for devices registered at the user self-service portal for Employees, you can modify the default ownership for the device, from Employee to Company and back. By default, that information is not editable by the device user. For information about the administrator settings on the Registration page, see "Understanding the Registration page" in the Devices chapter of Getting Started with Ivanti EPMM.
If generating a one-time PIN for resetting the secure apps passcode is enabled
If you have configured Ivanti EPMM as described in What is the self-service user portal?, the device user sees the option Reset Secure Apps Passcode. This option is among the device management actions presented to the user for iOS and Android devices.
Figure 10. Reset secure apps passcode
- Select Reset Secure Apps Passcode.
- On the next screen, select the button Reset Secure Apps Passcode.
- A dialog box displays containing the one-time PIN.
- In [email protected] on an iOS device, or in the Secure Apps Manager on an Android device, follow the instructions for resetting a forgotten secure apps passcode.
- When prompted for user credentials, enter the user name and the one-time PIN.
- Follow the instructions to create a new secure apps passcode.
What client users see after registering their device
The user portal displays:
- Icons for each device management action the user is allowed to perform.
- User and device information, including:
- Device type (iPod touch, 4th gen in the example)
- Status (Active, for example)
- Last check-in (example, 2 hours ago)
- Phone number
- OS and version (to 3 digits, iOS 7.1.1, for example)
- Carrier (for example, AT&T)
IMEI value, if applicable
- Date the device was registered with Ivanti EPMM
- Accounts settings and certificates uploaded by the device user.
- Helpdesk contact information configured by the Ivanti EPMM administrator.
Figure 11. User portal showing user's device information