Registration methods

Registering a device designates it for management by MobileIron Core.

Before you begin 

Setting the registration PIN code length for device user registration

The following registration methods are available:

You can also register Android devices using the MobileIron Provisioning app. See Provisioning an Android enterprise device

The process resulting from these methods may vary by device OS.

Admin invites users to register

For users who are mobility savvy and do not require significant assistance, you can send an invitation and enable them to register their own phones. You can send an invitation to multiple users from the Users Management screen. The invitation includes instructions on how to log into the user portal to register phones.

The user needs to know the following information for the device:

  • phone number (if any)
  • country
  • platform

Related topics

Invite users to register

In-app registration for iOS and Android

One way to reduce the load on IT personnel is to instruct iOS and Android users to download the MobileIron app directly from the App Store on iTunes or from Google Play and initiate registration from within the Mobile@Work app.

For iOS devices

  1. Go to Settings > System Settings > iOS > MDM and select the Send email to user and notification to client if MDM profile is not installed check box.
  2. Device users of iOS 12.2 and later will need to download Mobile@Work, manually navigate to Settings view and download the MDM profile.

  3. Device users then complete the registration process by responding to registration prompts. If Core detects that the MDM profile has not yet been installed, upon the next device check-in, Mobile@Work will display a notification asking the device user to re-enroll.

    NOTE: In iOS 13, the option to "Allow Always" was removed from the iOS Settings app. Instead, a dialog box displays requesting device users to enable tracking when the Mobile@Work app is running. Mobile@Work opens iOS Settings where device users can choose "Ask Next Time" or "Never". MobileIron recommends device users to enable tracking. This change applies to all versions of iOS 13 through the latest version as supported by MobileIron. Mobile@Work for iOS does not track device users' location without consent.

Administrator tasks

  • This feature depends on access to the MobileIron Gateway; therefore, the corresponding port must be properly configured. See the Pre-Deployment Checklist in the On-Premise Installation Guide for details. The User Portal role must be assigned to the user.
  • To auto-populate the MobileIron Core server name during registration, the following setup is required:

  • Schedule email reminders, see Customizing registration messages

Registering Android devices

As with other types of devices, you can configure whether you want Android device users to enter a password, PIN, or both during registration. This can be done with managed and un-managed Android devices.

NOTE: If upgrading to Core 10.6.0.0, and you have your Device Registration set to a specific authentication setting (Password, Registration PIN or Password and Registration PIN), the setting will be retained as a default. If you are registering devices for the first time using Core 10.6.0.0 or later as supported by MobileIron, the default setting is Password.

Before you begin 

Setting the registration PIN code length for device user registration

Procedure 

  1. Upload the APK file for Mobile@Work for Android to a secure server. This server must be accessible to device users.
  2. For unmanaged Android devices:
    1. Go to Settings > System Settings > Users & Devices > Device Registration.

    2. In the In-App Registration Requirement field, select one of the following:

      • Password - device user will be required to enter username and password.
      • Registration PIN - device user will be required to enter a registration PIN.
      • Password and Registration PIN - device user will be required to enter a username, password, and registration PIN.
    3. Click Save.
  3. For Zero Touch and Samsung Knox Android managed devices:
    1. Go to Settings > System Settings > Users & Devices > Device Registration.

    2. In the Zero Touch and Samsung Knox Mobile Enrollment field, select one of the following:

      • Password - device user will be required to enter username and password.
      • Registration PIN- device user will be required to enter a registration PIN.
      • Password and Registration PIN - device user will be required to enter a username, password, and registration PIN.

    3. Click Save.

    For more information, see Provisioning Android enterprise devices using Zero Touch and Registering Samsung devices using Samsung Knox Mobile Enrollment

  4. For all other managed Android device types, in the Managed Devices/Device Owner (afw#, QR code, NFC) field, select one of the following:

    • Password - device user will be required to enter username and password.
    • Registration PIN - device user will be required to enter a registration PIN.
    • Password and Registration PIN - device user will be required to enter a username, password, and registration PIN.

    Click Save.

    For more information on registering using afw# token, QR code or NFC bump, see Provisioning an Android enterprise device.

  5. In Devices & Users > Add Single Device, make sure the "Include Registration PIN only for Android Company-Owned Device Enrollment" field is selected. 

  6. Click Register.

    The Registration Instructions dialog box opens.

  7. Copy the Registration PIN for sending to the device user. If you are intending to send an email invitation to device users, you can skip this step.
  8. Set up the email invitation template. See Customizing registration messages
  9. Send the email invitation to device users. Core will automatically add the Registration PIN within the invitation.

  10. Once the device user has registered, monitor devices for status in Devices & Users > Devices. The Android Automated Enrollment field lists the values as appropriate for the type of Android setup:

    • Google Zero Touch
    • Knox Mobile Enrollment
    • Non Zero Touch AE Enrollment
    NOTE: The Android Automated Enrollment field is valid for Core 10.6.0.0 through the latest version as supported by MobileIron. If an "Unknown" value displays, it indicates a previous version of Core was used and the "In-App Registration Requirement" field in Settings > System Settings > Users & Devices > Device Registration was used. It can also mean that an old client was used with Core version 10.6.0.0 or later.

Users register additional devices

Once a device has been registered, an authorized user can use the user portal to register additional devices without administrative help. This is often used with adding devices for users who do not require assistance.

Prerequisites

  • Users must have the User Portal role assigned, with the Device Registration option enabled.
  • The user needs to know the following information for the device:
    • phone number (if any)
    • country
    • platform

Related topics

Self-service User Portal

Admin registers ActiveSync devices

If you have a MobileIron Sentry configured, then you can see the devices that are connecting to your ActiveSync server. To incorporate these devices into your MobileIron Core inventory, you can use the Register button in the ActiveSync Associations screen. This is often used with devices accessing email via ActiveSync.

Prerequisites

  • MobileIron Sentry must be installed and configured.
  • The user (local or LDAP) associated with the device must be available for selection at the time of registration.
  • For iOS, Android, and Windows devices, the User Portal role must be assigned to the user.
  • You need to know the following information for the device:
    • phone number (if any)
    • country code
    • platform

Related topics

ActiveSync device registration

Registration via user portal

The user portal can be used to streamline the registration process. See Self-service User Portal for more information.

Registering Android devices via web portal (MIRP)

Administrators who use web portals (such as the BYOD Portal) to initiate registrations can provide a URL in the web portal to help device users register Android devices with little or no typing. Users just download Mobile@Work from Google Play and then tap the URL in the web portal from the device. Tapping the URL launches the Mobile@Work app and populates the registration screen with the available information, such as the username. The information that is available depends on the web portal being used.

The URL is based on the MobileIron Registration Protocol (MIRP). The link you provide on the web portal must have the following format:

mirp://<Core URL><parameters>

The following parameters are available:

  • user: The username for the device user.
  • pin: The PIN generated for this user for PIN-based registration.

Examples:

  • mirp://mycore.mycompany.com&user=android&pin=1234

    If you have configured MobileIron Core for PIN-only registration, device users will be automatically registered without having to enter any credentials.

  • mirp://mycore.mycompany.com&user=android

    Device users will be prompted to enter credentials to complete registration. The credentials include either a PIN or password, depending on how you configured Core.

Note The Following:

  • The ampersand character is reserved. If you require an ampersand in a field value, it must be URL-escaped to a character code (i.e.,%26).
  • Unsupported parameters will be ignored.

Registering Samsung devices using Samsung Knox Mobile Enrollment

MobileIron Core supports using the Samsung Knox Mobile Enrollment process to register qualified Samsung devices with MobileIron Core.

Using Samsung’s Knox Mobile Enrollment process, once the process is set up, qualified devices are automatically enrolled and registered to MobileIron Core when the end user activates the device for the first time.

Requirements

  • A CSV file that provides a list of device IMEI numbers or serial numbers, and optionally:
    • a username
    • a registration PIN and/or password

    If you configured registration to use a PIN, include a PIN in the registration file. If you configured registration to use a password, include a password. If you configured registration to use both a password and a PIN, include only one of them in the CSV file. You configure the registration requirements on the Admin Portal at:

    Settings > System Settings > User & Devices > Device Registration > Zero Touch and Samsung Knox Mobile Enrollment.

    NOTE: If username or PIN or password is not in the CSV file, the user must provide them.
  • A Samsung Knox account and use of the Samsung Knox Mobile Enrollment portal
  • Samsung Knox devices (see Samsung portal for a list of qualified devices)
NOTE: Mobile@Work for Android is automatically installed during the enrollment process.

Benefits

  • Bulk enrollment of devices: No user interaction is required to download the Mobile@Work app. The app is installed automatically as part of the enrollment process. No access to Google Play is required.
  • No need for users to enter credentials (unless desired); credentials are populated in the background.
  • Auto-Enrollment: Once a device is enrolled into an UEM/MDM via Samsung’s mobile enrollment process, the MDM software is always be imposed even if the device is erased, inadvertently or maliciously, until you remove the device from the Samsung Knox Mobile Enrollment portal or retire
  • Choice of enrollment options: you can choose to enroll the device using NFC bump, a URL, or automatic activation when a device is first powered on.
  • Multiple Core (or MobileIron Cloud) servers can participate in the program.

Instructions

Complete instructions for setting up and using the Samsung Knox Mobile Enrollment portal with MobileIron Core are available in the MobileIron knowledge base article, here:

Samsung Knox Mobile Enrollment with MobileIron Quick Start Guide

Related topics 

You can also register Android devices using the MobileIron Provisioning app. See Provisioning an Android enterprise device