User Registration Best Practices
MobileIron offers several methods for user registration that Mobile IT teams can choose from when planning their deployments. This document outlines the methods most commonly used by MobileIron customers deploying to more than 100 users or devices. We start with the best practice recommendation, in-app registration, and describe other common approaches and the situations in which each method is most appropriate. Please note that the recommendations in this document are provided as a starting point for customers planning deployments. Each customer must determine the approach that will work best in their company.
Recommended Approach: In-App Registration
The recommended approach to enrolling large numbers of users into MobileIron is to use the in-app registration method. This approach minimizes the amount of work that the Mobile IT team needs to do. It works best when leveraging LDAP to manage users and assign policies in the Virtual Smartphone Platform (VSP), as opposed to using local users and manual labels. The in-app method also allows the users to register their devices when it is most convenient for them.
Once the Mobile IT team is ready for users to start registering their devices, they just send email invitations directing users to install the MyPhone@Work app from the Apple App Store or Google Play, including detailed registration instructions. This registration method requires detailed instructions with screenshots for best results. Example registration instructions are available from MobileIron Services for customers to modify for their organizations.
The iOS registration process typically involves 5 steps or less after app installation and usually takes less than 10 minutes to complete. The Android registration process may be more involved and take longer, depending on whether encryption and any third party apps for email or VPN access are required.
This is the most common method used by MobileIron customers. It is appropriate for most organizations and users, with the exception of users who may be severely challenged by technology. If needed, MobileIron Professional Services can provide support for setting up this registration approach through either Basic or Advanced Implementation Services.
The approaches outlined below are recommended if any of the following conditions exist:
- You can’t use LDAP to manage users, but must set up users manually in the VSP
- You can’t use LDAP to assign policies, but must use manual label assignment
- You must use the PIN registration method, instead of password-only registration, which requires users to be set up in the VSP for PIN assignment and management.
- Bulk registration from the MobileIron VSP
- Registration through the MyPhone@Work User Portal
- Web-based registration for iOS devices
Each method is described below. Because the following methods require more effort by Mobile IT or users, they are recommended only if the in-app registration method cannot be used. If you must use one of the three methods listed below, MobileIron recommends the bulk registration method because it reduces the risk of user error during registration and does not limit device management in any way.
Bulk Registration from the MobileIron VSP
With the bulk registration method, the Mobile IT team creates a .csv file with all of the users’ data in it and uploads it to the MobileIron VSP. This registration method sends a notification to the user by SMS and/or email with the url to download and install the MobileIron app, instructions, and the information the user will need to enter during registration. The user must still download and install the MobileIron app in order to complete registration. The user has 24 hours to complete registration before a reminder is issued. The registration expires after 120 hours, although that timeframe is configurable. This method is not recommended over the in-app registration method because it creates more work for the Mobile IT team, particularly if there are errors in the .csv file, and does not reduce the amount of effort required by users to register their devices.
Registration through the MyPhone@Work User Portal
This approach involves using the MyPhone@Work user portal, which users can access to perform management functions on their phones such as register, locate, wipe, etc. The Mobile IT team will issue email invitations through the MobileIron VSP by checking a box next to each user who should receive the invitation. The invitation can be customized in the VSP, and provides the url for the MyPhone@Work user portal. Please note that the MyPhone@Work user portal is a web-based portal, and is not the same thing as the MyPhone@Work app, which resides on their device. The user then logs into the MyPhone@Work user portal and initiates the registration process for their device. The user will still need to download and install the MyPhone@Work app to complete registration. This method is not recommended over the in-app registration process because it requires more work from the Mobile IT team, as well as additional data entry from the users, increasing the likelihood of errors. This method is only recommended for very tech-literate users.
Web-based Registration for iOS Devices
The web-based registration process is only available for iOS devices and is an extension of the bulk registration method. It allows the Mobile IT team to initiate the registration process through bulk registration and then use the Pending Device Report to create a spreadsheet of registered devices with associated usernames and PIN and/or passcodes that will be necessary to complete device registration on behalf of the users, before issuing the device to them. If certain management features, such as jailbreak detection, location services, or in-house app distribution are not important for you, this method might be best, since you can deliver the devices to the user with no further action required on their part. However, if you need full management capability, including jailbreak detection, then each user will need to install the MobileIron app from the Apple App Store and complete in-app registration once they receive the device. Although the initial registration can be completed without the use of Apple IDs, an Apple ID will be required to complete in-app registration and take advantage of the full device management capability. Additionally, the bulk registration process automatically generates a text and/or email invitation to users, which users must be directed to ignore.
Less Common Approaches
The following two approaches are less commonly used due to their labor-intensiveness. A Professional Services engagement is recommended to ensure success with these approaches.
Manual Device Registration by IT
This device registration method is only appropriate for technically-challenged users who could not handle basic device registration on their own. It requires significant planning and time investment from the Mobile IT team. Essentially, the Mobile IT team manually configures each device for each user. In order to staff properly, you will need to determine the average registration time for each type of device (e.g. iOS or Android). Requirements include:
- Setting up an Apple ID or Google Account for each user on the device. Since IT is setting the accounts up, the Apple ID should be the user’s corporate email account. This may become confusing for the user if they also have a personal Apple ID.
- Identifying the corporate password for each user, as it will be required during in-app registration.
- Downloading and installing the MobileIron app on each device from either the Apple App Store or Google Play.
- Using the in-app registration process to register and configure the device.
- Providing each configured device to the end users, with the associated Apple ID or Google Account and password, and recommending that each user change their Apple ID or Google Account password and potentially their corporate password.
Although the bulk registration process will make the in-app registration less labor-intensive, it also automatically generates an invitation text and/or email to users. Since this method is typically used with less tech-literate users, the invitation email will likely cause issues, even if you warn users to ignore the email. For iOS devices, the web-based registration process can also be leveraged to help streamline the subsequent in-app registration, but the same text/email invitation issue remains.
Only a handful of MobileIron customers have used this registration approach due to its labor-intensiveness. If you must use this approach, a services engagement is recommended to assist with planning and execution.
A few customers have decided to use certain events where large groups of users are gathered, such as conferences or training events, to guide users through mass registrations. This approach requires detailed user instructions for best results. If you decide that you must use this approach, a Professional Services engagement is recommended to help guide you through planning and executing the registration process to ensure success. Additionally, given the visibility of this approach within your organization, MobileIron Support personnel should be alerted and available to assist should any technical issues arise.
If you are unsure about which registration method will work best for you, please consult your Professional Services Engineer during the installation engagement for guidance.
(Please note, this was taken directly from the MobileIron support website: http://support.mobileiron.com)