Understanding the Registration page

The Users and Devices Registration page defines a variety of key defaults that will help define the device registration defaults for your device users.

The page consists of the following sections:

• Setting passcode and registration code defaults
• Setting the per-user device limit
• Ownership settings
• Using the end user Terms of Service
• Countries for registration
• Platforms for registration
• Setting the default PIN registration settings

Setting passcode and registration code defaults

The first options on the Registration page set the defaults for Registration passcodes and PIN codes.

Passcode Expiry (hours): After the configured number of hours, the registration passcode expires. The default is 4 hours. The minimum value is 1 hour. The maximum value is 4320 hours (6 months).

If you try to extend the registration PIN passcode settings beyond the default value, the following warning is displayed: Increasing the validity period for the PIN may pose a security risk and it is not recommended best practice.

Registration PIN Code Length (6-12): By default, device users must enter a password to register a device. You have the option to require an Ivanti EPMM generated Registration PIN in place of or in addition to the password.

Procedure 

1. In the Admin Portal, go to Settings > System Settings > Users & Devices > Registration.
2. Select the number of hours after which your registration passcode expires.
3. Select a Registration PIN code Length between 6-12 characters, which sets the minimum length for the PIN.
4. Click Save.

Setting the per-user device limit

This task is described (with images) in the section "Configuring the Per-User Device limit" in the Self-service User Portal chapter of the Ivanti EPMM Device Management Guide for your operating system.

Setting LDAP group-specific device limits

This task is described (with images) in the section "Limiting devices per user by LDAP group membership" in the Self-service User Portal chapter of the Ivanti EPMM Device Management Guide for your operating system.

Ownership settings

Ownership settings allow the administrator to decide whether:

• A newly-registered device is Company or Employee owned by default
• A newly-registered device from the self-service user portal is Company or Employee owned by default
• A newly-registered Android device using Google Zero Touch (ZT) or Samsung Knox Mobile Enrollment (KME) or Work Managed Device Non-GMS mode (AOSP) is Company or Employee owned by default

Procedure 

1. In Ivanti EPMM, go to Settings > System Settings > Users & Devices > Registration.

2. For the Default ownership for a newly registered device setting, select the relevant radio button:

   • Company owned
   • Employee owned

3. For the Default ownership for a device newly registered at the user Self-Service Portal, select the relevant radio button:

   • Company owned
   • Employee owned

   This only impacts the default selection in the self-service portal at the time of new device registration. Device users can still change the device ownership.

4. For the Default Ownership of Android devices using Google ZT or Samsung KME or non-GMS (AOSP) mode setting, select the relevant radio button:

   • Company owned
   • Employee owned

   Select Show Terms of Service to have them displayed in the client. If de-selected (default), the Terms of Service will not display. (To create a Terms of Service, see Configuring an end user Terms of Service agreement in the Ivanti EPMM Device Management Guide for Android and Android Enterprise devices.)

5. Enable Save User Password if you plan to save device user passwords.

   Important Prior to Ivanti EPMM 11.6.0.0, if the "Save User Password" check box was enabled and then disabled, Ivanti EPMM did not delete all the Lightweight Directory Access Protocol (LDAP) user passwords already in its database. For Ivanti EPMM 11.6.0.0 and later releases, if "Save User Password" is enabled and then disabled, a pop-up message appears, warning that all stored passwords will be deleted.

6. To allow device users to learn more about the privacy of their data, click Enable Privacy Settings in Mobile@Work. For more details about this feature, see the section Visual privacy in the Managing Devices chapter of the Ivanti EPMM System Manager Guide for your operating system.

7. Select Require device identifiers for enrollment (Android 6.0 or later only) to require permissions to phone details (phone number and IEMI) for Android device administrator and profile owner.

   For Ivanti EPMM 11.6.0.0 and earlier, this setting applies only to devices with Device Admin (DA) mode. In Ivanti EPMM 11.7.0.0+, it includes Android Enterprise modes.

8. Click Save.

Using the end user Terms of Service

This task is described (with images) in the section Configuring an end user Terms of Service agreement in the Self-service User Portal chapter of the Device Management Guide for your operating system.

Countries for registration

A subset of countries are enabled for device registration by default. You should check this list and determine if any of your users have home countries not represented in the default list. You can move countries back and forth between the Enabled Countries and the Disabled Countries list. For a full task description, see Enabling additional countries for registration in the Managing Devices chapter of the Device Management Guide for your operating system.

Platforms for registration

This task is described in the section Specifying eligible platforms for registration in the Managing Devices chapter of the Device Management Guide for your operating system.

Setting the default PIN registration settings

Enable the My device has no phone number check box to allow device users to register without a phone number during PIN Registration.