The reseller must be provided with a Gmail address and associated company name at the time of order. Multiple Gmail addresses can be assigned to a Securepoint Unified Security instance Only one company name can be assigned to each Gmail address.
Establish a link with Zero-Touch
Link Securepoint Unified Security Tenant (end customer) to a Gmail address registered in Google's Zero Touch portal
Requirements
A Gmail address,
which was provided to the dealer when the device was ordered.
To avoid unwanted side effects, a new account should definitely be created.
It is recommended to use a naming scheme here: mdm.$customer_name@gmail.com
notempty
If the account is suspended by Google or deleted by the owner, all devices will be reset. It is essential to ensure that this Google account is not deleted under any circumstances, or that the GMail address is blocked.
Configuration
Configuration in the Securepoint Mobile Security Portal under Mobile Security Settings of the respective end customer/tenant in the section Android Zero Touch
Step 1: Dialog: Add
Step 1: Dialog: Add
Add/Link
Opens the dialog for adding a link
Step 2
Access data for Google account
Step 3
Grant access permission
A security alert from Google is sent via email: "Securepoint Unified Security has been granted access to your Google account".
Step 2: Login data
Step 2: Login data
Enter the access data to the Google account that was registered with the dealer when ordering mobile devices
Step 3: Grant access permissions
Step 3: Grant access permissions
Grant access permission so that the portal can access the Google account as needed
A security alert from Google is sent via email: "Securepoint Unified Security has been granted access to your Google account".
Step 4: Finalize
Step 4: Finalize
Confirm
The Google user account has been successfully added for Zero-Touch configuration. Finish with the Confirm button.
Finish with the Confirm button
Result
Result
Google account linked to Zero-Touch
Zero-Touch entry in the Settings menu
If the retailer has already stored the IMEI or serial number in Google's Zero Touch portal, the device will appear in the Mobile Security Android Devices menu with a Zero Touch tag in the header of the device tile.
Registration in the menu Mobile Security Android Zero-Touch
Either
Add device to an existing configuration:
Edit configuration: Click on the device tile (or via the hamburger menu in the device tile at the top right) / Edit)
if necessary, select a new valid enrollment token
Enrollment tokens are valid for a maximum of 30 days
Select device(s) by IMEI or serial number
Save information
or
with the button Add configuration
select enrollment token
select customer
Fill in other details (company name, contact details...)
Select device(s) by IMEI or serial number
Save details
As soon as the device is connected to the Internet for the first time or after a factory reset, the profile is pushed to the device and the connection to the MDM is established. The enrollment on the device itself is, depending on the configuration, exactly as described in the sections COPE, COBU or COSU. Only the scanning of the enrollment token is omitted!
Name:
Demo TTT-Point
Configuration name
Menu for adding zero touch devices
Enrollment token
Profile: Selected profile | Token abCD12
The selected enrollment token (as created in the Devices / Enroll new device menu) will be applied to all devices enrolled with this configuration.
Since sensitive data and access can be pushed with the settings, it is strongly recommended to use an enrollment token with code. This ensures that only authorized users can access the configured device.
Customer:
SecurepointCustomer
The description for the customer as it was transmitted to the device retailer. If several Gmail addresses were linked to the zero touch portal, different descriptions can be selected here.
Standard
Defines whether this configuration is the default or not. When is enabled, new zero touch devices are automatically added to this configuration unless another is specified Note: At least one configuration should be defined as default.
Company
TTT-Point AG
Freely selectable designation for the company to which this device is to be assigned.
E-mail
admin@anyideas.de
Contact Email Address Displays on mobile during the setup process when IT Administrator is tapped on the "This device belongs to your organization" screen.
Phone number
01234-56789
Contact phone number display see above
Custom message
Welcome to TTT-Point
Shown on the display during device setup
Devices
×123456789012345
This configuration can be assigned to devices based on their IMEI or serial number
The box is only active if a customer has been selected as well
Save
Saves the configuration
Zero touch configuration with assigned device
Closing by user
The end user must now switch on the device for the first time and establish an Internet connection. The configuration from the profile is then automatically applied to the device.