Device self-service enrollment
Click here to see this page in full context

 

Device self-service enrollment

About

Device users can use device self-service enrollment for enrolling devices to Miradore. The enrollment is done using a web page of which URL address the users can request from the helpdesk.

All device enrollments attempted by users are authorized with enrollment codes that helpdesk is able to manage in Self-service enrollments view. Without valid enrollment codes, users are not able to enroll new devices to Miradore. The device self-service enrollment is useful when device acquisitions are not handled by IT departments, but instead, people purchase new devices by themselves or want to enroll their own devices to Miradore.  

This page describes the process of enrolling Windows or Mac OS X devices to Miradore as a self-service enrollment.

Requirements

Users can open the enrollment web page using Internet Explorer, Edge, Firefox, or Chrome on Windows devices and Safari on Macs.

Device self-service enrollment requires Miradore Client 3.5.8 (or newer) on Windows devices and Miradore Client 1.6.6 (or newer) on macOS devices to work.

Network requirements

 

Step-by-step process description

  1. The process begins when device end-user contacts to helpdesk and wants to get his or her device enrolled to Miradore management system. The user might have a computer that runs Microsoft Windows or Mac OS X operating system.

  2. Next, the helpdesk operator navigates to Operations > Asset management > Enrollments > Self-service enrollments view, and creates a new Self-service enrollment item using the Tasks menu in the view.

  3. When a new self-service enrollment item is created, the system generates a unique enrollment code, and writes that code to the "Enrollment code" field on the Self-service enrollment item that was created.

  4. Help desk must then provide the enrollment code AND the enrollment URL address to the device user. The URL address is displayed in the "Enrollment URL" field on the Self-service enrollment item page.

  5. Then, the user should enter that URL address to his internet browser, and follow the instructions provided on the page. The page will have a language selector on the top-right corner, so the user is able to use the page with his or her preferred language. At some point, the page will ask the user to enter the enrollment code, which is very important to enter correctly, because it is used to authenticate the self-service enrollment.

  6. Run the downloaded MiradoreClient.pkg file and follow the instructions provided in the installer.

  7. At the end of a successful self-service enrollment, the system might perform automatic package installations for the enrolled computer. This happens if the administrators have attached packages to the configuration item, like device usage, which is selected for the device at the Self-service enrollment item.



    For example, there is a system package in Miradore which can change the host name of the enrolled device to match with the device name generation profiles defined in Miradore. Or on the other hand, there is a system package that can perform an offline domain join for the enrolled computer.

    Please read the article Attaching packages to configuration items, if you want to learn how to attach packages to the configuration items like device usage.

Enrollment code lifetime

Notice that the enrollment codes are valid for one hour by default. If the enrollment code gets expired, it is possible to renew the enrollment code using the "Reactivate" task on the Self-service enrollment item. The validity period of self-service enrollment codes can be customized at "Administration > System settings > Main > Self service portal > Self service portal general > Self-service enrollment code lifetime (min)".

How to join self-enrolled devices to domain

The computers, that have been enrolled to Miradore by their users as a self-service, are often not reachable for the organizations domain controller, and therefore, the computers cannot be joined to a Microsoft Active Directory Domain. For joining the computers to a Microsoft Active Directory Domain without contacting the domain controller, there is an Offline domain join connector in Miradore. With the Offline domain join connector, it is possible to perform an offline domain join to computers that cannot access the organization's network.

Certificate for HTTPS connections

If you are using a private certificate for HTTPS client-server connections, you also need to distribute the certificate to the device before it can establish a connection with the Miradore server. For more, please read Certificate store for Client - Server connections.

Related processes

Asset management

See also

Package building

 

 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.