XenMobile Server

Sending group enrollment invitations in XenMobile

You can send enrollment invitations to groups and nested groups in the XenMobile Server. Enrollment invitations aren’t available for Windows devices.

When setting up the group invitation, you can specify one or multiple device platforms. You can also tag devices so that you can, for example, distinguish corporate-owned devices from employee-owned devices. Then, you set the authentication type for user devices.

Note:

If you plan to use custom notification templates, you must set up the templates before you configure enrollment security modes. For more information about notification templates, see Create and update notification templates.

For more information on basic configurations on user accounts, roles, and enrollment security modes and invitations, see User accounts, roles, and enrollment.

General steps

  1. Within the XenMobile console, navigate to Manage > Enrollment Invitations.

  2. Click Add toward the upper left of the screen and then click Add Invitation.

  3. Click Group from the Recipient menu.

    This step lets you choose one or multiple platforms. If you have a mix of different operating system platforms within your company, choose all platforms. Only clear the platform selection if you are sure that no users are using the particular platform.

  4. You can choose to tag devices during the inviting process. Choose Corporate or Employee.

    Tagging makes it easy to separate corporate-owned devices and employee-owned devices.

  5. In the Domain list, choose the domain in which the group exists.

  6. In the Group list, select the Active Directory group you want to send the invites to.

  7. The Enrollment mode allows you to set the type of authentication security that you prefer for users.

    • User name + Password
    • High Security
    • Invitation URL
    • Invitation URL + PIN
    • Invitation URL + Password
    • Two Factors
    • User name + PIN

    Note:

    To send enrollment invitations, you can only use Invitation URL, Invitation URL + PIN, or Invitation URL + Password enrollment security modes. For devices enrolling with User name + Password, Two Factor, or User name + PIN, users must manually enter their credentials in the Secure Hub.

  8. For the Agent Download, Enrollment URL, Enrollment PIN, and Enrollment Confirmation templates, choose the custom notification template that you have created in the past or choose the default that is listed.

    If you plan to use custom notification templates, you must set up the templates before you configure enrollment security modes. For more information about notification templates, see Notifications.

    For these notification templates, use your configured SMTP server setup within XenMobile. Set your SMTP information first before proceeding.

    Note:

    The Expire after and Maximum Attempts options change based on the Enrollment mode option that you choose. You cannot change these options.

  9. Select ON for Send invitation and then click Save and Send to complete the process.

Nested group support

You can use nested groups to send invites. Typically, nested groups are used in large-scale environments where groups with similar permissions are bound to each other.

Navigate to Settings > LDAP and then enable the Support nested group option.

Troubleshooting and known limitations

Issue: Invites are being sent out to users even though they have been removed from an Active Directory group.

Solution: Depending on how large your Active Directory environment is, it can take up to six hours for changes to propagate to all servers. If a user or nested group is removed recently, XenMobile might still consider those users as a part of the group.

So, it’s best to wait up to six hours before sending out another group invite to your group.

Sending group enrollment invitations in XenMobile