Registration methods

Registering a device designates it for management by MobileIron Core.

Before you begin 

Setting the registration PIN code length for device user registration

The following registration methods are available:

• Admin invites users to register
• In-app registration for iOS and Android
• Customized registration using a URL or a QR Code
• Users register additional devices
• Admin registers ActiveSync devices
• Registering an Apple TV
• Registration via user portal

The process resulting from these methods may vary by device OS.

Admin invites users to register

For users who are mobility savvy and do not require significant assistance, you can send an invitation and enable them to register their own phones. You can send an invitation to multiple users from the Users Management screen. The invitation includes instructions on how to log into the user portal to register phones.

The user needs to know the following information for the device:

• phone number (if any)
• country
• platform

Related topics

Invite users to register

In-app registration for iOS and Android

One way to reduce the load on IT personnel is to instruct iOS and Android users to download the MobileIron app directly from the App Store on iTunes or from Google Play and initiate registration from within the Mobile@Work app.

For iOS devices

1. Go to Settings > System Settings > iOS > MDM and select the Send email to user and notification to client if MDM profile is not installed check box.
2. Device users of iOS 12.2 and later will need to download Mobile@Work, manually navigate to Settings view and download the MDM profile.

3. Device users then complete the registration process by responding to registration prompts. If Core detects that the MDM profile has not yet been installed, upon the next device check-in, Mobile@Work will display a notification asking the device user to re-enroll.

   NOTE:

   In iOS 13, the option to "Allow Always" was removed from the iOS Settings app. Instead, a dialog box displays requesting device users to enable tracking when the Mobile@Work app is running. Mobile@Work opens iOS Settings where device users can choose "Ask Next Time" or "Never". MobileIron recommends device users to enable tracking. This change applies to all versions of iOS 13 through the latest version as supported by MobileIron. Mobile@Work for iOS does not track device users' location without consent.

Administrator tasks

• This feature depends on access to the MobileIron Gateway; therefore, the corresponding port must be properly configured. See the Pre-Deployment Checklist in the On-Premise Installation Guide for details. The User Portal role must be assigned to the user.
• For iOS devices, you must enable the MDM profile in the Admin portal.
  • Go to Settings > System Settings.
  • Expand iOS and select MDM. The MDM page displays.
  • Select the Enable MDM Profile check box. 
  • Click Save.
• To auto-populate the MobileIron Core server name during registration, the following setup is required:
  • The user associated with the device must be known as an LDAP user or defined as a local user.
  • To auto-populate based on the email address, you must register your VSP with MobileIron.
• Set up the registration email template, see Customizing registration messages

• Schedule email reminders, see Customizing registration messages

• Send the email invitation to device users.

Customized registration using a URL or a QR Code

As a convenience, instead of device users entering registration credentials, you can setup an infrastructure to use a QR Code or URL link to automatically enter the registration credentials. This feature is applicable for iOS and macOS devices.

Before you begin 

The company administrator must set up an infrastructure to generate a web page containing a QR Code or URL link from the credentials generated by UEM (see Implementing infrastructure for QR code with device PIN.)

• In the case where the web page generated by the company is viewed on a computer, a QR Code would be appropriate to present. When constructing the QR code, it should contain a URL and follow this format:

  mirp://<server host name>&user=<Username>&pin=<PIN>

  Example: mirp://your.server.rock.com&[email protected]&pin=4444

  NOTE:

  It is recommended that the web page created by the admin to provide a QR code also provides the instructions to download the app from the iTunes App Store or Google Play and the instructions to scan the QR code.

• In the case where the web page is viewed on the device where Mobile@Work is being registered, a URL link would be appropriate.

Implementing infrastructure for QR code with device PIN

The below procedure works for iOS devices and utilizes the PIN code as part of the registration.

1. Enable the PIN code registration

1. Go to Settings > Users & Devices > Device Registration.

2. Select the appropriate field for the type of Android device:

   • For unmanaged Android devices, change the In-App registration requirement to Registration PIN.
   • For managed Android devices, change the Zero Touch and Samsung Knox Mobile Enrollment field OR the Managed Devices / Device Owner (afw#, QR code, NFC) field to Registration PIN.

2. Enable the QR code integration

1. Go to Settings > Users & Devices > Device Registration.
2. Click on Templates tab > Registration Templates.
3. Select your language and then click the Edit button.

4. In the Registration Email section, PIN field, replace the default text with this code: 

   <li>Registration PIN: <i>$PASSCODE$</i> (valid for $PASSCODE_TTL$ hours)

   <p>

   Or Scan the QR Code:

   </p>

   <P>

   <img id=&#39;barcode&#39;

   src="https://api.qrserver.com/v1/create-qr-code/?data=mirp%3A%2F%2F$SERVER_URL$%26user%3D$USER_ID$%26pin%3D$PASSCODE$"

   width="200"

   height="200" />

   </P>

5. Click Save.

   When this code has been added, administrators can directly register a device from the Device Registration screen in Core and / or the device user can initiate the registration from the e-mail invitation.

Registering using a web page on a desktop computer

Below is a sample implementation where the web page is viewed on a desktop computer.

Procedure 

1. Core administrator sends device user an email with a link to the company's webpage.

2. In the email, the device user clicks on the link.

   The link opens to the company web page displaying a QR code on it.

3. On the user's device, the user goes to the iTunes App Store or Google Play and downloads Mobile@Work.

4. User launches the phone's camera.

   NOTE:

   The Scan QR Code page may open. Device users will need to allow access to the device camera for scanning the QR code. Tap on Open Settings, slide the camera on, then return to Mobile@Work.

5. User scans the QR code that is on the web page.

   The Mobile@Work login page opens with the username, server address and PIN/password fields populated.

   NOTE:

   If the PIN field is not automatically populated, the device user will need to manually enter it.

6. User taps Go or Register and continues the registration process.

Note The Following:  

• On launching the Mobile@Work app, the user can tap on the QR code icon (to the right of the user name field), and launch the in-app camera. This camera can then be used to scan the QR code and continue with the registration process.
• On devices running iOS 11.0 or later, the native camera can be used to scan the QR code. Upon scanning the QR code, the device user is prompted to launch Mobile@Work. Tapping on the prompt launches Mobile@Work with the device user’s credentials filled in. The device user can then tap Go or Register to continue with the registration process.
• On devices running iOS 10, the native camera lacks the ability to scan QR codes. To work around this, the device user can launch the Mobile@Work app, tap on the QR code icon (to the right of the user name field), and launch an in-app camera. This camera can then be used to scan the QR code and continue with the registration process.

Registering using a web page on an iOS device

Below is a sample implementation where the web page is viewed on an iOS device.

Procedure 

1. Administrator sends device user an email with a link to the company's web page.

2. In the email, the device user taps on the link.

   The company's web page opens displaying two links.

3. Device user taps on the first link and downloads the Mobile@Work app from the iTunes App store or from Google Play.

4. Device user taps on the second link, the Mobile@Work login page opens with the username, server address and PIN/password fields populated.

   NOTE:

   If the PIN field is not automatically populated, the device user will need to manually enter it.

5. User taps Go or Register and continues the registration process.

   NOTE:

   In iOS 13, the option to "Allow Always" was removed from the iOS Settings app. Instead, a dialog box displays requesting device users to enable tracking when the Mobile@Work app is running. Mobile@Work opens iOS Settings where device users can choose "Ask Next Time" or "Never". MobileIron recommends device users to enable tracking. This change applies to all versions of iOS 13 through the latest version as supported by MobileIron. Mobile@Work for iOS does not track device users' location without consent.

Users register additional devices

Once a device has been registered, an authorized user can use the user portal to register additional devices without administrative help. This is often used with adding devices for users who do not require assistance.

Prerequisites

• Users must have the User Portal role assigned, with the Device Registration option enabled.
• The user needs to know the following information for the device:
  • phone number (if any)
  • country
  • platform

Related topics

Self-service User Portal

Admin registers ActiveSync devices

If you have a MobileIron Sentry configured, then you can see the devices that are connecting to your ActiveSync server. To incorporate these devices into your MobileIron Core inventory, you can use the Register button in the ActiveSync Associations screen. This is often used with devices accessing email via ActiveSync.

Prerequisites

• MobileIron Sentry must be installed and configured.
• The user (local or LDAP) associated with the device must be available for selection at the time of registration.
• For iOS, Android, and Windows devices, the User Portal role must be assigned to the user.
• You need to know the following information for the device:
  • phone number (if any)
  • country code
  • platform

Related topics

ActiveSync device registration

Registering an Apple TV

You can register an Apple TV to MobileIron Core only through Apple Configurator.

Before you begin

The Apple TV must be connected to your corporate network. You can do this by configuring Wi-Fi on the Apple TV or connecting the Apple TV to your Ethernet.

Procedure

• Follow the instructions in Distributing MDM Profiles with Apple Configurator.

NOTE:

Using the Apple TV Assistant to import the MDM profile results in an error message. Cancel out of the Apple TV Assistant.

You can do the following when you manage an Apple TV with MobileIron Core:

• View device information.
• Distribute Wi-Fi profiles to the Apple TV.
• Retire the device.

Registration via user portal

The user portal can be used to streamline the registration process. See Self-service User Portal for more information.