iOS Device initiated Enrollment

The entire process is driven on the device and the user need not leave the Enterprise Store. If enrollment is successful, the device should be enrolled and its status should change to Enrolled .

The generic process to enroll a device is as follows:

Note: In EMM 2.5 onwards, while enrolling iOS devices, all CSR requests from iOS devices are routed through EMM server to SCEP server.

Note: For iOS devices, enterprise store on a deactivated device from a previous enrollment, a user can enroll the device through enterprise store.

Authentication

1. To download the enterprise store from the Kony Enterprise App Store, the user must provide the following credentials:
   1. Company Name (optional)
   2. User name
   3. Password

   You can download an Enterprise store through two ways of authentication:

   • Using Kony Management suite user login credentials
   • Using Kony Fabric Identity Service OAuth 2.0 user login credentials

   Important: Ensure that pop-ups are enabled in your web browsers. If pop-ups are not enabled, you may not see the log in page.

Server Side Authentication and Verification

1. The details provided by the User are authenticated.
2. The EMM Server ensures that the device is not enrolled, not associated with any other user and allowed to enroll. Once this is ascertained, the server signals the agent to proceed with the enrollment.

Terms Acceptance

1. Once the authentication and verification is successful, the Terms and Conditions (T&C) are shown to the user.
2. The User must accept the terms specified. If the User does not accept the Terms, the enrollment process is aborted and the Device goes into the Terms Not Accepted state.

Download and Install Profile

User should download the EMM Profile and install the same to complete the process. You need to enable Cookies while downloading Kony EMM enterprise store.

1. The User is requested to affirm any prompts by the application.
2. Once, the installation is complete, System displays the confirmation message that device is successfully enrolled with Kony EMM. This marks the completion of enrollment of the device.

Important: If MDM profile is already installed, but device enrollment does not happen, then delete the MDM profile and try to enroll the device again. If you experience difficulties in removing MDM profiles, then restart the device, go to Airplane mode, and then remove the profile.

 

To perform iOS Device initiated Enrollment, follow these steps:

1. Enter application URL in the device based browser.
   
   

   

   The Log-in page appears.

   If JavaScript is turned off, the app logo image is not visible in the container download page in Safari browser.

2. Enter your log-in credentials. These details are sent to the Server along with the device information.

   Important: Based on users’ existence in multiple ADs and sources, users need to provide domain and source details for authentication. For more details, refer to Login > Authentication Scenarios
   

3. After verifying the credentials the system displays the confirmation message. Click the Install button. The installation starts.
   
   

   

   The above image indicates that installation process is in progress.

   

4. The enterprise store is installed on device.

   Important: From iOS 9 onwards, a pop-up appears to trust the app profile. Navigate to Settings > General > Profile > {Select Profile} >and the click on Trust {Profile Name}.

5. 

   Kony EMM Login page appears.

6. Enter your User Id and the Password.

   Note: The Device Users is required to Authenticate themselves by providing User Name and Password. These details are sent to the Server along with the device information. The details provided by the User are authenticated. The EMM Server ensures that the device is not enrolled,not associated with any other user and allowed to enroll. Once this is ascertained, the server signals the agent to proceed with enrollment. If Verification fails, The Device goes into the status based on type of verification failure.

7. The system verifies the credentials. Once the authentication and verification is successful, system displays the Terms and Conditions.

   

8. You must accept that you have read and agree to the terms specified. Click the I Agree button. If you do not accept the terms, the enrollment process is aborted and the device goes into terms not accepted state.

   Note: If a user tries to re-enroll a completely wiped device listed under Enrollment Denied List, the device displays the Terms and Conditions page, in a loop every time a user tries to log in. In Enterprise wiped device it works as expected.

   

9. Click the Install button to install Profile on your device.
   
   

   

10. The System displays the Warning message. Click the Install Now button to proceed.
    
    

    

    The Profile is verified.

    

11. Read the Warning message carefully. Click the Install button to install Profile on your device.

    

    The system generates the key.

    

12. The profile is installed on your device. Click the Done button.
    
    

    
    

13. The system displays the confirmation message. Click OK to proceed.
    
    

    
    

14. The system displays the confirmation message. Click OK to proceed.
    
    

    

15. The system displays the Device particulars such as Device OS Version, Carrier and so on. Click the Exit button to close the window.

Copyright © 2018 Kony, Inc. All rights reserved.