Assigning user portal device management roles

One of your decisions when you distribute Ivanti EPMM management is whether or not to enable your users to manage one or more device actions such as locking or unlocking a device. You can assign users to different roles, giving them access to the set of actions you specify. The Ivanti EPMM user portal provides several device management options for your users. You give them access to these management tasks by assigning them roles in the Admin Portal.


  1. In Admin Portal, go to Devices & Users.

  2. Select the users receiving device management privileges.

  3. From Actions, select Assign Roles.

  4. Check User Portal.

  5. Check one or more roles to assign the corresponding management actions to the selected users.

  6. User roles include:

    • Wipe Device
    • Lock Device
    • Unlock Device – The Unlock Device feature works in Managed Device with Work Profile (COPE) mode for Android devices versions 8-10.
    • The Unlock Devices does not work for Android devices in Work Profile mode starting from Android 7 and higher.
    • Upon upgrade to Android 11, administrators do not have the ability to unlock the device; however, in Ivanti EPMM verison +, administrators do. Additionally, administrators can set the PIN to the default setting or a to custom six-digit PIN. See Setting the unlock PIN for a specific device.
    • IMPORTANT: The Unlock command clears passcodes and TouchIDs from the managed device, compromising device security. Never use this feature on lost or stolen devices.
      • Locate Device
      • Retire Device
      • Register Device
      • Change Device Ownership
      • Reset PIN (for Windows 8.1 Phone and Windows Mobile 10 devices)
      • Reset Secure Apps Passcode
      • Trust/Untrust (for iOS devices)
      • Use Google Device Account (for Android Enterprise devices only)
      • Enable Auth Only Role
  1. Click Save.