Creating Enrollment Rules for Smart Devices
Enrollment rules allow smart devices to connect to the server and determine which folders the devices will be displayed in. An enrollment rule contains an ID, password, and the name of the folder that devices using the rule will be placed in. An enrollment rule can also be associated with an Android Enterprise account, giving the device's work profile access to the enterprise's approved apps.
To connect a smart device to Avalanche, the device user must provide an enrollment ID and password. When the device connects to the Avalanche server, it enrolls and is placed in the folder associated with the enrollment rule it used.
To create an enrollment rule
1.Click the Enrollment tab. In the Enrollment Rules panel, click Add.
-Or-
In the Navigation Tree, select the region or folder you want to create a rule for and click View. On the Folder Details page, click Add in the Enrollment Rules panel.
The Enrollment Rule dialog box appears.
2.Enter the enrollment ID, target folder, and password for the enrollment rule in the text boxes.
Each enrollment rule must have a unique ID. We recommend that enrollment rules use IDs that indicate the purpose of the enrollment rule.
3.If you are connecting Android devices, select a notification service.
•If you are using version 6.2 or older of the standard Avalanche enabler, select ANS.
•If you are using version 6.3 or newer of the standard Avalanche enabler, select ANS or FCM.
•If you are using the Android Enterprise enabler, select FCM.
4.If you are using Android Enterprise, select an enterprise from the Android ESA drop-down menu.
5.If you want the device to display a End User License Agreement (EULA) to the device user, you can upload one of your own or modify the template provided by Ivanti. Click Download template to view the sample template, or click Browse to upload your own text file.
6.Click Save.
7.Perform a deployment to send the enrollment rule to the smart device servers.
When a device enrolls, it is placed in the folder associated with the enrollment rule it used.
Types of notification services
While creating an enrollment rule, you must select a notification service to establish communication between Android devices and the Avalanche server. Avalanche currently supports the following notification services:
•Avalanche Notification System (ANS). ANS is supported by Ivanti and does not require any additional credentials. ANS can be used with the standard Avalanche enabler.
•Google Firebase Cloud Messaging (FCM). FCM can be used with version 6.3 and newer of the standard Avalanche enabler and the Android Enterprise enabler. For information about obtaining FCM credentials or migrating from GCM, see Configuring FCM for Android.
There are two types of enrollment rules: reference and group.
•Reference. A reference enrollment rule must be created at a region. A reference enrollment rule is not tied to a specific device server, so when a device uses the enrollment rule, it is placed in a folder relative to the device server that it connects to. For example, if the target folder associated with a reference rule is Staging, then any device using that enrollment rule is placed in a folder named Staging inside the region of the server that it connects to. If the region doesn't have a Staging folder, the folder is automatically created. Reference rules are especially useful if you are using the bulk enrollment feature. For additional information about bulk enrollment, see Connecting Android Devices.
•Group. A group enrollment rule must be created at a folder. A group enrollment rule is tied to a specific device server, and all devices using the rule will be placed in the same folder. If you change the folder associated with a rule, devices that have already enrolled are not affected.
Each enrollment rule sets the protocol used to communicate with the device. The protocols are specific to the type of Enabler you install. For more information about which protocol to use with enrollment rules, see Connecting Android Devices.
Each enrollment rule has a folder associated with it. When a device enrolls, it is put into the folder associated with the enrollment rule. The device may move or be moved, depending on the type of folder assignment that the server has configured.
•Static device folder assignment. you have the option to move the device to a different folder after it is enrolled, but if the device re-enrolls, it is moved back to the folder associated with the enrollment rule.
•Dynamic device folder assignment. when it syncs, the device is moved to the first folder that has matching selection criteria. The server evaluates the device during each sync.
Dynamic or static folder assignment is configured in the smart device server profile. For more information, see Creating and Configuring a Smart Device Server Profile.