With SafeConsole 5.2+, device registration can be restricted by requiring all users to enter a unique token along with the standard connection-token. (Requires device client version 4.8.25+ or Unified Client 6.x) To simplify registration, "Disable machine ownership confirmation during registration" can be enabled to provide a smoother registration experience while remaining secure.
In order to "Disable machine ownership confirmation during registration", Click on 'Server Settings' then 'General' in the left-hand side panel and add a checkmark as per the screenshot below.
Benefits of using the Unique Token:
- Guarantees that the device will be registered to the user that you have selected. This means you know exactly what policy will be tied to the device.
- Admins can register a device on behalf of a different user. This is useful for admins to pre-register devices for end-users.
- Only users that know their unique token will be able to register a device to the server. This stops someone from registering a rogue device to the server.
In order to enable 'Unique tokens', Click on 'Server Settings' then 'General' in the left-hand side panel and add a checkmark as per the screenshot below.
The unique token will be sent to the user through email when using the deployment wizard or from the User details page. An excerpt from the quick connect guide which is emailed to the user is below:
Optionally, the unique token can be shown by clicking the User’s name on the User Page.
When devices are activated with the unique token the user’s policy will be used for device registration instead of the default policy. The user’s policy will need GeoFence and Trusted Network configured to allow access. If the user is outside the GeoFence or Trusted Network registration will be blocked.
Connecting to SafeConsole with Unique Token enabled will give the user the following experience:
They will first need to enter the connection token for the server.
Then they will need to enter their unique token.
They will continue the activation process like normal by simply setting a valid password.
Lastly, they will chose the file system they want to use to format the drive.