Enrolling Android Enterprise Devices

Before you begin

This procedure enrolls your Android devices as Android Enterprise devices. See Android Enterprise Devices to learn about the benefits of enrolling devices within the Android Enterprise program.

Tip: If you plan on only enrolling Android Enterprise devices, consider changing your Android Plus Management Style to simplify your usage of SOTI MobiControl.

About this task

In this procedure, you'll learn how to:

Procedure

  1. Optional: Set up an Android Enterprise Binding to manage your managed Android accounts.
    Important: An enterprise binding is only necessary if you plan to use the managed Google Play Store to distribute apps to your Android Enterprise devices. Learn more about the managed Google Play Store and enterprise bindings at Android Enterprise Bindings.
Define enrollment settings for Android Enterprise devices
  1. In the SOTI MobiControl legacy console, go to Android Plus > Rules and right-click Add Devices. Select Create Add Devices Rule to launch the Create Add Devices Rule wizard.
    An add devices rule defines enrollment settings for your devices. You can create multiple add devices rules, each with different enrollment settings. However, you cannot use one add devices rule across multiple platforms.
    Location of right-click menu to create a new Android Plus add devices rule.
  2. Enter a name for the add devices rule. Make it brief, but descriptive, especially if you plan to create multiple add devices rules. Click Next.
  3. Choose the destination device groups:
    Manual All devices enrolled with this rule will be placed in the same device group.

    On the next screen, select a device group from the list to enroll your devices into and then skip to the step for selecting a user authentication option.

    Based on User Group Membership Devices will be placed into groups based on the membership of the user account assigned to the device. You'll be able to associate user groups to specific device groups later on in the wizard.

    Click Next.

  4. Choose either LDAP Directory Service or Identity Provider and then select an identity management connection from the dropdown list. If you have not configured any connections yet, click Manage Directory Services / IdP Connections to configure a new connection in the dropdown list instead. See Identity Management for more information. Click Next.
  5. Enter a user group (for example, administrators) that exists in your connection in the field and click Add. Once it appears under User Groups, choose a device group from the dropdown list. All members of the user group will be automatically added to the selected device group as soon as they enroll in SOTI MobiControl. If you'd like, add any terms and conditions documents. Click Next.
    User group mapping in add devices rule
  6. Select a user authentication option.
    Note: These options appear only if you chose Manual for mapping your device destinations.
    Utilize user groups to authenticate users during device enrollment Use a directory service or an identity provider for user authentication.

    Select Directory Service to select a directory service connection from the list, and search for a user group using that connection. If no directory service connection has yet been configured, select Manage Directory Services to open the Directory which you can use to configure a new connection.

    Select Identity Provider to select an identity provider connection from the list, and search for a user group using that connection. If no identity provider connection has yet been configured, select Manage IdP Connections to open the Identity Provider which you can use to configure a new connection.

    Password required to verify device enrollment Specify a single password for enrollment across all devices that enroll using this add devices rule.
    No password required to verify device enrollment Allow devices to enroll without verification.
  7. Select a certificate authentication authority. Click Next.
  8. Optional: Enable the Terms and Conditions setting and select a terms and conditions document from the dropdown list. If you haven't uploaded a terms and conditions document yet, click Manage to add a new document. Click Next.
    Device users will be prompted to accept the terms and conditions upon enrollment.
  9. Choose the permissions you want the Android Plus device agent to request.
    Note: If you also enable the Deploy latest plugin to enrolled devices option on the Device Setup wizard screen, these permissions are granted silently.
    Draw over other applications Grants the permission to display content on top of other apps in the foreground
    Modify system settings Grants the permission to modify system settings
    Notification access Grants the permission to read all notifications posted by the system or any installed app
    Usage access Grants the permission to access app usage history and collect detailed information
  10. Choose an Android Enterprise account type.
    Your choice depends on how you plan to use the managed Google Play Store.
    Managed Google Accounts Select this option to manage the devices using Google Accounts created in the Google Admin Console.
    Managed Google Play Accounts Select this option to manage the devices using a managed Google Play account.

    Select the enterprise you want to use from the list.

    Skip Google Account Addition During Enrollment on Managed Android Devices Select this option if your devices will not require access to the managed Google Play Store.
    Note: You can still deploy applications to Android devices using the SOTI MobiControl package deployment functionality.
    Enroll your fully managed device with a work profile Select this option if you want to enroll your device as Corporate Personal (a Work Managed device with a profile for the device user's data and apps).
  11. Choose the download source of the Android Plus device agents. Select Download from the Google Play Store to ensure your devices are always updated with the latest device agent. Select Download directly from server if you need to control app updates more strictly. Click Next.
    If your preferred Android Plus agents are not already available on the server, you'll need to download them to your SOTI MobiControl instance. Click Manage Agents and add the latest Android Plus device agents.
  12. Specify a naming convention for your devices. Use a combination of text and macros to automatically and intelligently name your devices.
    For example, Ottawa Sales %AUTONUM% %ENROLLEDUSER_EMAIL% transforms into Ottawa Sales 001 sarah@organization.com, Ottawa Sales 002 saurabh@organization.com, and so on.
  13. Decide if you want to install a device plugin on your device at the time of enrollment.
    Device plugins grant Android Plus device agents additional management capabilities. See Device Plugins for more information. This setting installs a device plugin on newly enrolled devices if a plugin is available for that device model. If no plugin is available, then the device is skipped. SOTI MobiControl installs the latest available version of the plugin whether its already in your SOTI MobiControl database or not. SOTI MobiControl will update your database with the new plugins it sends to devices as a result of this setting.

    You can always install a plugin later if you choose not to install one now.

  14. Review your enrollment settings. Click Back to return to a previous screen and make changes or click Advanced to adjust the rule further.
  15. Once you're satisfied with your enrollment settings, click Finish to save your new add devices rule.
  16. Make a note of the Enrollment ID or Enrollment URL.
    Location of Enrollment ID and URL in add devices rule summary
Enroll Android Enterprise Devices
Important: To activate the device as a Work Managed or Corporate Personal device, you must download the Android Enterprise device agent during the initial device setup. If the device agent is downloaded after the device setup is complete, the device can only be activated as a work profile or you can factory reset the device and start again.
  1. Download and install the SOTI MobiControl Android Enterprise device agent on the device. Note that Corporate Personal for Android OS 11 and later is only supported using QR code or zero-touch options.
  2. Launch the agent on the device and enter the enrollment ID or the enrollment URL of the add devices rule whose settings you want to apply to the device.
    You can find the enrollment ID and the enrollment URL in the Information pane of the Rules tab when the add devices rule is selected.
  3. Follow the instructions in the Device Agent Configuration applet.

Results

Your device is now enrolled in SOTI MobiControl and can communicate with the SOTI MobiControl deployment server.