Skip to main content

Device Assignment & User Authentication

Purpose

When enrolling devices into Mosyle Education, there are three models of assignment to choose from:

  • Limbo: When enrolling a device into a Limbo state, the device is neither assigned to a User or a Shared Device Group. This allows for the device to potentially belong to all locations or no locations for purposes of receiving more generalized Management Profiles.
  • 1:1: This option indicates the device will be enrolled and assigned to an individual end-user.
  • Shared: When enrolling devices as Shared devices, they can be grouped together in Shared Device Groups. This is an easy way to organize a static group of devices. For iOS/iPadOS devices that will be designated as Shared, they can be either Mosyle Shared or Apple Shared iPad devices.

In order to scope configurations and profiles based on users or device groups, the Users and/or Shared Device Groups will need to be registered in Mosyle and devices will need to be assigned to their corresponding user or group. Device Assignment can be accomplished in multiple different ways using Mosyle MDM.

The ideal workflow when using Mosyle MDM is to automate the device assignment as much as possible to promote a hands-off deployment.

When a device isn't assigned to a specific user or shared device group, it is displayed as a “Limbo” device in Mosyle. Limbo devices can be configured by assigning configurations and profiles to all current and future devices and/or Limbo devices, rather than the user or shared device group.

Notes:

  • Apple TVs are always enrolled as Limbo devices. For these devices, profiles and configurations will need to be assigned based on the device or dynamic device group.
  • Devices enrolled using User Enrollment will be automatically assigned to the user based on the Managed Apple ID used to complete the enrollment.

 

Assigning Devices to Users

Configure Device Assignment Settings by going to My School > Users > Device Assignment. Here you can choose from the following:

  • User Authentication Assignment: Configure device assignment behavior based on user authentication. Detailed information is included below.
  • Random Automatic Assignment: Randomly pair an unassigned device with a selected user.
  • Spreadsheet Assignment: Upload a spreadsheet with the device serial number and corresponding User ID to complete device assignment.

Devices can also be assigned to users manually at any time within the Mosyle MDM web console by viewing the Device Information or User Information.

  • Device Info: When assigning a single device to a user, you can use the Device Info screen to complete the assignment. To do this, go to Management > Devices > Devices Overview > Click the device name to open the Device Info window. Next to Type, click Change and choose either 'Change to 1:1 (assign to student)', 'Change to 1:1 (assign to user)', or 'Change to shared' and select the user or Shared Device Group to assign the device. 
  • User Profile: When assigning a single device to a user, you can use the User Profile screen to complete the assignment. To do this, go to My School > Users > Find and select the user > Click Assign one Device > Select the device. 

User Authentication Assignment

By default, when a user authenticates on a device, the device will be assigned to the user and remove the assignment of any other device of the same OS from the user. Administrators can modify or adjust this behavior within the User Authentication Assignment settings under My School > Users > Device Assignment.

The User Authentication Assignment settings offers three main options:

  • Only auto-assign devices not already assigned to a user: This option will ensure that a user is assigned to the device in Mosyle when authenticating via the specified method ONLY if the device was not already assigned to a user. If the device was already assigned and another user logs in, the device will remain assigned to the original user.
  • Auto-assign the device to the user: This option will ensure that a user is assigned to the device in Mosyle when authenticating via the specified method. Devices that are already assigned will change assignment when the new user authenticates and devices not already assigned will be assigned. When this option is configured, the assignment can be removed when a user logs out of the application.
  • Do NOT auto-assign the device to the user: This option will prevent users from being assigned to a device when authenticating via the specified method.

Devices assigned to Shared Device Groups will never automatically be converted to 1:1 devices. When a user authenticates on a Shared Device, it will remain shared but will reflect the current user logged in so that any/all profiles assigned to the user can be applied.

Assignment Methods

Methods for assigning devices to end users via authentication include the following:

  • Personalized enrollment URL: When devices are enrolled manually using the Safari URL, users can use their own personalized enrollment URL to complete the enrollment and assignment of the device. Find the user's enrollment URL under My School > Users > Click the User to view the enrollment URL.
  • Mosyle app login: Users can login to the Mosyle Manager app with their Mosyle access code, User ID, email address, or Single Sign-On credentials to complete the device assignment. To allow users to login to the Mosyle Manager app with their Single Sign-On credentials, configure Single Sign-On for the iOS/iPadOS and macOS apps under My School > Preferences > Single Sign-On./li>
  • SSO Authentication during Automated Device Enrollment: Users can authenticate with their Single Sign-On credentials within the Custom Setup Assistant to complete the device assignment.
  • Mac user account login: Users can login to their local user account on the Mac to complete device assignment if the local user account name is the same as their User ID in Mosyle.
  • Mosyle Auth: Users can login to the Mac using their SSO credentials via Mosyle Auth to complete the device assignment.

In most cases, user authentication with their school or district Single Sign-On credentials is the preferred method due to the user familiarity with the credentials and ability to automate the assignment flow. Three frequently used methods for assigning devices to users are described below.

Back to top