Skip to main content

Zero-touch Enrollment

Enable zero-touch enrollment with account authorization and Wi-Fi configuration, ensuring devices auto-connect and register securely.

Updated over 2 weeks ago

Note: Zero-touch enrollment is based on an Android Enterprise account. Please bind the Android Enterprise account before performing relevant operations for zero-touch enrollment.

Register Android Enterprise Account

1. Features and Objectives

The Zero-Touch Enrollment module is designed to simplify the initialization and onboarding of large-scale devices, enabling plug-and-play, hands-free automated deployment. By pre-configuring Wi-Fi access information and completing account authorization in the KiwiCloud Console, devices can automatically connect to the network and register with the platform upon startup, ensuring fast, secure, one-click enrollment.

Key Objectives:

  • Provide an account authorization mechanism to ensure unique and secure device enrollment;

  • Support Wi-Fi access parameter configuration so devices can automatically connect to the network after registration;

  • Integrate with the Zero-Touch Customer Portal for extended configuration management and initialization options;

  • Minimize manual scanning or configuration tasks, enhancing efficiency in bulk delivery and deployment.

Core Functions:

  1. Account Authorization

    • Bind the Zero-Touch Customer account to connect enterprise devices with KiwiCloud (KC).

    • The account must be provided by the device reseller to ensure legal authorization and secure access.

  2. Configuration Management

    • Pre-configure Wi-Fi access data in the KC platform so devices automatically connect to the designated network after registration.

    • Additional advanced parameters can be configured in the Zero-Touch Customer Portal and linked to the devices.

Typical Use Cases:

  • Channel Delivery: Resellers complete account binding and Wi-Fi configuration before bulk delivery, allowing end users to use the device immediately after startup.

  • Cross-Region Deployment: Enterprises predefine unified network access parameters for branch offices, ensuring devices connect and register automatically upon startup.

  • High-Frequency Replacement: Storefront or frontline business devices can be replaced by simply powering them on to complete registration, without manual intervention.

2. Configuration Management

Description

Configuration Management in the KiwiCloud platform allows administrators to predefine Wi-Fi access details and generate Device Policy Controller (DPC) extras. When devices are enrolled into KC via Zero-touch Enrollment, they automatically use this configuration to establish network connectivity and complete initialization. This feature simplifies the first boot process, ensuring bulk devices can connect to the enterprise network in a plug-and-play manner.

Key Functions:

  • Configure Wi-Fi access details (SSID, security type, password).

  • Submit and save configuration data as parameters of the Enterprise Default Profile.

  • Combine with Account Authorization to automatically apply submitted parameters to newly registered devices.

  • Support more advanced parameter settings (e.g., locale, timezone) via the Zero-touch Portal → Configuration.

Notes

  • Information submitted in Configuration Management is only stored in the KC platform and will not sync to the Enterprise Default Profile in the Zero-touch Portal.

  • To update Wi-Fi configurations for newly registered devices, you must first unbind the Zero-touch Customer account in Account Authorization, then rebind it so the new configuration takes effect.

  • To extend existing configurations (e.g., locale, timezone settings), please configure them directly in the Zero-touch Portal → Configuration.

  • For parameter specifications and configuration examples, refer to Google’s official documentation: Create a QR code.

  • It is recommended to standardize network access details to avoid inconsistent configurations that could cause device registration failures.

Steps

image-20250828114337715

  1. Access the Configuration Page

    • Navigate to Zero-touch Enrollment → Configuration Management.

    • Click Add Configuration to open the parameter entry form.

  2. Fill in Wi-Fi Parameters

    • Enter SSID (required).

    • Select Security Type (e.g., WPA/WPA2-Personal).

    • Enter the Password.

  3. Submit Configuration

    • Click Submit to save the configuration.

    • Saved configurations will automatically apply to devices enrolled into KC via Zero-touch Enrollment.

  4. Follow-up Actions

    • If you immediately perform Account Authorization, the Wi-Fi information will be included in the Enterprise Default Profile and applied to newly registered devices.

    • If you need to modify Wi-Fi information later, first unbind and then rebind the Zero-touch Customer account to ensure the new configuration takes effect.

3. Account Authorization

Description

Account Authorization is used to bind the enterprise’s Zero-touch Customer account with the KiwiCloud platform. Once authorized, the system will automatically sync the device information under this account to KC. When devices are powered on, they will complete automatic registration and policy application according to the preconfigured settings.

Through account authorization, enterprises can achieve bulk device import, unified management, and remote configuration, avoiding inefficient manual registration.

Notes

  • The Zero-touch Customer account must be provided by the device reseller. Enterprise administrators should obtain this account from their purchase channel.

  • The authorization process requires verification using the Zero-touch Customer account. Please ensure the correct account is used.

  • If enterprises need to update previously submitted Wi-Fi configurations in KC and apply them to subsequently registered devices, they must first unbind the Zero-touch Customer account in Account Authorization, then rebind it. Only then will the new configuration take effect.

  • Once authorized, device information is automatically synced to KC, and enterprises can view devices in the console for grouping, policy configuration, and application management.

Steps

  1. Access the Account Authorization Page

    • Navigate to Zero-touch Enrollment → Account Authorization.

    • Click Next to start the account binding process.

  2. Select Google Account

    • Redirect to the Google account selection page.

    • Select the Zero-touch Customer account provided by the reseller, or click Use another account to enter new credentials.

  3. Confirm Binding

    • On the confirmation page, select the account to be associated.

    • Click Link to complete the binding.

  4. Complete Account Authorization

    • The system will display a message: “Zero-touch account has been associated”.

    • Configuration data will automatically sync and apply to all future devices purchased under this account.

  5. Add Support Information

    • Admins can enter company name, email, phone number, and support details.

    • After filling in, click Save. These details will be shown to end users during device initialization, making it easier to contact support.

  6. View Binding Results

    • In the KC console, view the bound Zero-touch account and configuration details.

    • You can also unbind the account or modify support information as needed.


Related Articles
QR Code Enrollment
Zero-touch Enrollment
Android Enterprise
QR Code Enrollment
Registration Management
Did this answer your question?