User Enrollment

Once the users are added to the Scalefusion Dashboard, you can then Invite them to enroll their devices as described in the Inviting the Users section

Below is an explanation of how to invite users to enroll their devices, along with settings that allow users to enroll the devices directly by logging in to their respective Identity Providers.

Prerequisite

1. Users should be added/imported to the Scalefusion Dashboard

Inviting the Users

Once you have added the users, the next step is to invite them to enroll in Scalefusion. Follow the steps below to invite them to enroll.

1. Sign In to Scalefusion Dashboard and navigate to Enrollment Configurations > User Enrollment
2. To invite one user click on the Invite/Email action from the action menu in the user listing screen. To invite multiple users, click on the checkbox next to each one of them and then click on the INVITE ALL button at the top of the page.
3. You will be shown the Invite Wizard, which is of 3 sections,
   1. Select Config: First, select the QR Code configuration that you have created earlier.
      
      Only QR code configurations with device profiles will be listed here. The QR code configurations that have User Groups attached to them will not be listed.
      
      
   2. Configure Email: Configure the Email template that will be sent out to the users. You can configure only the Welcome (top) and Thank You (bottom) notes of the email. The rest of the email is reserved for use by Scalefusion.
      Choose Platforms: Based on the QR Code configurations you have created, the platforms are displayed. Select the platforms to which the email has to be sent.
      If the settings to enforce users to sign in with GSuite / O365 / Okta / PingOne are enabled, at the time of enrollment, users would be asked to authenticate and Sign In using their respective Identity Provider's credentials to begin the enrollment instead of verifying via OTP.
      
   3. Review Users: Review the users to which the invite will be sent, and click SEND
4. The users will get an email from Scalefusion with instructions on how to download and enroll in Scalefusion. Please refer to our Enrolling an Employee Owned Deviceguide to learn how the user experience would be.
   Note:

   Users can also be invited from the QR Code Configurations section. Navigate to Enrollment Configurations > QR Code Configurations, select the BYOD configuration and click on the Invite Users button

Viewing Enrolled Devices

Once your users start enrolling their devices, you can see all their devices under the Devices section. However, if you want to precisely see the mapping of users and their devices, then you can use the View action next to each user to get the details.

Deleting a User

1. To delete a user completely from your organization, use the Delete action from the action menu. This will not only delete the user but delete all the work apps and the data from their enrolled devices and remove their devices from the Dashboard.
   
2. If you just want to delete just one device of the user, then you can view the list of enrolled devices of that user and select the delete action. This would remove the work apps and all their data only on the selected device.

Enrollment & Sync Settings

By configuring these settings, the users at the time of enrollment on their devices can be authenticated by signing in with their respective Identity Provider's credentials instead of verifying via OTP. The settings are explained below:

GSuite / O365 / AD SSO users

1. On Scalefusion Dashboard, navigate to Enrollment Configurations > User Enrollment
2. Click on the Enrollment & Sync Settings button
   Only subscribers to Legacy and New Enterprise Plan can access Settings. The rest of them will get an option to upgrade.
   
3. The Enrollment & Sync Settings dialog box opens. Configure the following:
   1. User Sync & Enrollment Settings
      1. Configure mapping for Username field: When importing users from external identity providers (IdPs), administrators can choose to set the username based on the email address prefix (e.g., user.name from user.name@domain.com). This setting allows the administrator to select which field from the source data should be used while importing users. It can be on the basis of one of the following:
         1. Display Name / First & Last Name
         2. Email
            Note: This setting does not apply to previously imported users.
      2. Default device limit for imported users: Configure the number of devices which imported users can enroll by default.
      3. Enforce users to sign in using GSuite / O365 / AD (Active Directory): By default, this toggle is set to OFF. If set to ON, users will be asked to sign in using their GSuite credentials.
         1. Allow OTP-Based Fallback on Android devices: Allows OTP-based enrollment on devices where there are issues during authentication via IdP/SAML either due to lack of compatible browser or the user forgetting their credentials.
   2. User Group Sync Settings
      1. Select Sync duration for User Group changes: With this setting, you can configure the duration (in days) in which changes like user addition, deletion, and group switch made on the Gsuite/O365 portal should be synced automatically with the Scalefusion dashboard. By default, it is set to 2 days. You can choose from 1 to 5 days.
      2. Send Automatic Invite Emails for Imported users: Sends automatic invite emails to any newly imported users to any user group. By default, this is OFF.
      3. Automatically Remove Management/Policies on Deleted Users: When enabled, this removes all user management policies from user's devices when Scalefusion detects that user(s) have been deleted. In other words, deleting a user from the portal will delete management from the device as well and on the dashboard, the device will show as unmanaged. If this flag is enabled, during save, it will ask the admin to enter the PIN.
4. After configuring all the settings, click Save
   

SAML users

For users signed in with SAML credentials (Okta or PingOne), the following Settings are configurable:

User Sync & Enrollment Settings

1. Configure mapping for Username field: When importing users from external identity providers (IdPs), administrators can choose to set the username based on the email address prefix (e.g., user.name from user.name@domain.com). This setting allows the administrator to select which field from the source data should be used while importing users. It can be on the basis of one of the following:
   1. Display Name / First & Last Name
   2. Email
      Note: This setting does not apply to previously imported users.
2. Default device limit for imported users: Configure the number of devices which imported users can enroll by default.
3. Enforce users to sign in using SAML SSO: By default, this toggle is set to OFF. If set to ON, users will be asked to sign in using their GSuite credentials.
   1. Allow OTP-Based Fallback on Android devices: Allows OTP-based enrollment on devices where there are issues during authentication via IdP/SAML either due to lack of compatible browser or the user forgetting their credentials.
      

Enrolling Devices

Once the invitation is sent from Scalefusion Dashboard, the users will get an email from Scalefusion with instructions on how to download and enroll their devices into Scalefusion. Please refer to the following guides to learn how user(s) can enroll their devices:

1. Android
2. Windows
3. iOS
4. Mac