BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  • Provisioning
  • How do I enroll a personal device in a work profile?
  • How do I enroll a managed or dedicated device via QR code?
  • How do I enroll a managed or dedicated device via Zero-Touch Enrollment?
  1. Product Guides
  2. Portal
  3. EMM Console
  4. Setup

Provisioning

PreviousPolicy ManagementNextDevice Management

Last updated 8 months ago

Provisioning

How do I enroll a personal device in a work profile?

Steps for IT Admin in the EMM

  1. Open EMM Console to the Policies screen.

  2. On the desired work profile policy, click Generate Enrollment Barcode.

  3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.

  4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

  5. Provide the codes (and their expiration date) to the end-users who will be enrolling their personal devices.

Steps for End-User on the Device

  1. In their personal Google Play store on their device, install .

  2. Open Android DPC to the Enroll this device screen and click Next.

  3. Scan QR code provided by the IT administrator or press Enter code to type code manually.

  4. Click View terms to review general work profile information about the IT administrator’s access and any organization-specific terms and conditions. Click Accept & continue.

  5. Once the work profile finishes loading, click Next.

  6. Profile registers. Screen continues to Set up your work profile with steps designated by the IT administrator.

  7. Follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.

  8. Click Install to install work apps. Click Next once complete.

  9. Click Done to return to device. It will now have a separate section for work profile apps (how these are divided may vary by device).

How do I enroll a managed or dedicated device via QR code?

Steps in the EMM

  1. Open EMM Console to the Policies screen.

  2. On the desired policy, click Generate Enrollment Barcode.

  3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.

  4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

Steps on the Device

  1. The device must start out at factory reset state.

  2. Press Start on the initial startup screen.

  3. If the device has a barcode scanner and has a built-in option to set up off of a barcode, scan the QR code now, which automates steps 5-6 and 8-9.

  4. Select and login to a WiFi network.

  5. When prompted to copy apps and data from the cloud, select Set up as new.

  6. When prompted to login to a Google account, in the Email or phone field enter the EMM token afw#setup and submit.

  7. The device will begin setting up for Android for Work, and will provide a View terms link to Google’s terms and conditions. Click Accept & continue.

  8. Enroll this device screen will display. Click Next.

  9. Scan the QR code or press Enter code to manually type in the code.

  10. When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.

  11. Click Install to install work apps. Click Next once complete.

  12. The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.

How do I enroll a managed or dedicated device via Zero-Touch Enrollment?

Steps for IT Admin in the EMM

  1. Open EMM Console to the Policies screen.

  2. On the desired policy, click Generate Enrollment Barcode.

  3. Create a name for the barcode and select a desired lifespan for the enrollment code, up to 30 days. Click Generate.

  4. Take a screenshot of the QR code and the 20-character manual-entry code or copy and paste them to a document for easy retrieval.

Steps to Add a Policy Configuration in Zero-Touch Portal

  1. Click Configurations in the navigation panel.

  1. Click + in the Configurations table to add a configuration.

  2. Configuration Name: Enter a name for the configuration.

  3. EMM DPC: Select “Android Device Policy.”

  4. DPC Extras should be left empty

  5. Company name: Enter company name as would like it displayed to the user during provisioning.

  6. Support email address: Enter the email address to be displayed on the provisioning screen for the user to contact with issues during setup.

  7. Support phone number: Enter the phone number to be displayed on the provisioning screen for the user to contact with issues during setup.

  8. Custom message (Optional): Enter a brief message to be displayed on the support contact info screen before provisioning.

  9. Click Add to save the configuration.

  10. Click Devices in the navigation panel.

  11. Locate the device to be configured with zero touch and set the appropriate configuration.

Steps for End-User to Provision Device

  1. Boot device for the first time or factory reset it. Press the Start button on the initial setup screen.

  2. If there are multiple options to proceed through setup (e.g. scanning a barcode and manual setup), zero-touch will block options other than manual setup.

  3. Device will display a message stating that it “will be managed and kept secure” by the organization. It will have a View terms link for Google’s terms and conditions and a link to the contact information that the organization’s IT administrator entered in the Zero-Touch Portal.

  4. Click Accept & continue.

  5. Android DPC is automatically installed. Enroll this device screen is displayed. Click Next.

  6. Scan the QR code or press Enter code to manually type in the code.

  7. When the device finishes updating, follow prompts to set a screen lock. Options may be limited by IT administrator’s security preferences.

  8. Click Install to install work apps. Click Next once complete. The device opens to its designated main page - either the Android home if a managed device, or the kiosked app/set of apps if a dedicated device.

Zero-touch enrollment is a process which configures Android devices to their owners’ specifications out of the box with minimal user selection. On first boot or factory reset, the device checks for a configuration, downloads the appropriate DPC, and proceeds through setup. In order for the company IT administrator to register for a customer zero-touch account, the company must receive its devices from a reseller with a reseller zero-touch account. For more information, see Google’s article on .

Register for a zero-touch portal customer account , or the company’s device reseller can add a customer account.

Android Device Policy Controller (DPC)
Zero-touch enrollment for IT admins
here