Assigning Devices to Users in MobileIron

MobileIron can pre-register devices to users. This powerful feature requires a little preparation.

First, in the MobileIron console visit Devices & Users > Devices > Add > Multiple Devices.

You will see a dialog with a number of buttons. Click “Sample CSV File” to download the CSV template.

Edit this file to remove all sample data. Keep the header row.

Begin inserting your data into this spreadsheet. Assuming all your users already exist (for example in Active Directory) you need only to fill in the minimum columns:

• User ID
• Country Code (the number “1” if U.S., blank if iPad or iPod)
• Number (“PDA” for iPads and iPods)
• OS (the capital letter “I”)
• E/C (“C” for corporate-owned devices)
• Source (“D” for Active Directory users or “L” for local users)
• Notify User (“FALSE”)
• Serial Number

All other columns can (and should) be blank.

The file must be uploaded using a very specific sequence, but unfortunately does not provide a wizard. First, click “Browse” to find the file. Then click “Import File” and review the data that appears in the window. If it looks good, click “Apply” to perform the import. Finally click “Close.”

No change needs to be made to GroundControl, which will feed the devices into MobileIron where they will receive the correct associations. However we do recommend setting the lock screen in GroundControl to show the username, to help you deliver the right device to the right user.

To set the lock screen:

1. Create a attribute called “User” (or similar)
2. Create a spreadsheet with two columns: “Device Serial” and “User”
3. Import this spreadsheet into Devices
4. In your workflow, add an action to Set Wallpaper. Add custom text to the lock screen that includes the “[User]” attributes.

Now when you begin deploying devices using GroundControl, GroundControl will print the username on the Lock Screen, and MobileIron will associate the device to the user. No password or PIN will be needed for enrollment.

If you have already deployed devices, and do not wish to erase them, you may use MobileIron’s “Multi-User Secure Sign-In” function to assign users. This is a webclip that is in MobileIron’s Policies & Configs > Configurations. If you assign this webclip to one or more labels, the webclip will install on associated devices.

On each device, open the webclip. Notice that it reports the currently signed-in user. Click Sign Out, and you will be prompted to sign in again.

Of course, this technique requires touching every device.