Devices provisioning
- Supported devices
- Enrollment tokens
- Personally-owned devices
- Company-owned devices for work and personal use
- Company-owned devices for work use only
- Zero-touch
Supported devices
In general, any device running Android 5.1+ with Google Play Services is compatible with Cerberus Enterprise.
For a better user experience we suggest to use devices that meets the Android Enterprise Recommended requirements.
Some functionalities are limited to specific Android versions, or can behave differently on different OS versions. For more information about a specific functionality, please read the Policies section of the documentation.
Cerberus Enterprise supports both company-owned and personally-owned devices, and two management modes, device owner and profile owner.
Personally-owned devices can be managed through a work profile, so you can implement a BYOD solution keeping employee's data and apps separate from personal one, for a better security and privacy on both ends. This option is suitable for devices already owned by employees, that you can enroll into your organization for securely use also at work.
Company-owned devices can be managed through a work profile too, but you also have the fully managed option, that allow a more strict control over the device. Company-owned devices with work profile are suitable when you want to provide company devices to employees for use at work, still allowing to use this devices also for personal use. The fully managed option, instead, is better suited for devices that must only be used at work, or for dedicated devices (COSU or corporate-owned single-use) like kiosk.
For more information on device provisioning please read the Devices provisioning section.
Enrollment tokens
Cerberus Enterprise uses enrollment tokens to trigger the provisioning process. The enrollment token and provisioning method you use establishes a device's ownership (personally-owned or company-owned) and management mode (work profile or fully managed device).
To create a new enrollment token, go to Enrollment tokens section in the dashboard, then click the New enrollment token button.
1. Options
When creating a new enrollment token you can specify some parameters, that determines some aspects of the provisioning, depending on your needs.
1.1. Policy
Required field. This is the policy that will be automatically applied on all devices enrolled using the token. You can select one of the policy you created in your account. If you don't have any policy in your account, you must create one first.
1.2. User
The user that will be automatically associated to devices during provisioning.
1.3. Personal usage
1.4. Duration
1.5. Allowed usages
2. Provisioning options
These additional options are applied during the provisioning of fully managed devices enrolled scanning a QR code. They do not apply to work profiles or devices enrolled using other provisioning methods.
If you set a WiFi configuration, a device can automatically connect to the specified network without user interaction during device provisioning for downloading the mobile device management application.
Personally-owned devices
Enrollment token link
Add work profile from "Settings"
These steps initiate a setup wizard that downloads Android Device Policy on the device. Next, the user will be prompted to scan a QR code or manually enter an enrollment token to complete the work profile setup.
Download Android Device Policy
Company-owned devices for work and personal use
- Most app, data, and other management policies apply to the work profile only.
- The employee's personal profile remains private. However, enterprises can enforce certain device-wide policies and personal usage policies.
- Enterprises can use Block scope to enforce compliance actions on an entire device or only its work profile.
- Device disenrolling and device commands apply to an entire device.
QR code method
Company-owned devices for work use only
QR code method
DPC identifier method
Zero-touch
IT admins can provision company-owned devices using the zero-touch enrollment method, outlined in Zero-touch enrollment for IT admins. When a device is first turned on, the device is automatically forced into the settings defined by the IT admin.
IT admins can preconfigure devices purchased from authorized resellers and manage them using the Cerberus Enterprise dashboard. To link your Zero-touch account, go to Zero-touch section in the dashboard, then follow the instructions.