With SafeConsole 5.2+, device registration can be restricted by requiring all users to enter a unique token along with the standard connection-token. (Requires device client version 4.8.25+ or Unified Client 6.x) To simplify registration, "Disable machine ownership confirmation during registration" can be enabled to provide a smoother registration experience while remaining secure.
Benefits of using the Unique Token:
- Guarantees that the device will be registered to the user that you have selected. This means you know exactly what policy will be tied to the device.
- Admins can register a device on behalf of a different user. This is useful for admins to pre-register devices for end-users.
- Only users that know their unique token will be able to register a device to the server. This stops someone from registering a rogue device to the server.
The unique token will be sent to the user through email when using the deployment wizard. An excerpt from the quick connect guide which is emailed to the user is below:
Optionally, the unique token can be shown by clicking the User’s name on the User Page.
When devices are activated with the unique token the user’s policy will be used for device registration instead of the default policy. The user’s policy will need GeoFence and Trusted Network configured to allow access. If the user is outside the GeoFence or Trusted Network registration will be blocked.
Connecting to SafeConsole with Unique Token enabled will give the user the following experience:
They will first need to enter the connection token for the server.
Then they will need to enter their unique token.
Finally, they will continue the activation process like normal by simply setting a valid password.