Onboarding Token

An onboarding token is a secure credential generated in an MDM console that authorizes devices to enroll into an organization’s enterprise. Onboarding tokens are typically represented as QR codes and can be configured with expiry dates, usage limits, and policy assignments.

Token Generation

IT administrators generate onboarding tokens in the MDM console. When created, tokens can be configured with specific parameters like enrollment policies to apply, device group assignment, or usage limits (how many times the token can be used).

Token Representation

Tokens are typically displayed as QR codes that users can scan during device setup. Some MDM platforms also allow tokens to be displayed as text strings or transmitted through other channels.

Enrollment with Token

During device provisioning, users enter setup mode and scan the QR code containing the onboarding token. The device reads the token and initiates enrollment, automatically applying the configured policies and settings.

Token Security

Onboarding tokens are single-use credentials that authenticate device enrollment. Tokens should be treated as secure credentials and not shared in insecure channels. Tokens typically expire after a configured period if unused.

Expiration and Limits

Administrators can set token expiry dates so tokens used for device procurement are only valid during the expected deployment window. Usage limits can be configured so a token can only enroll a specific number of devices.

Bulk Enrollment

For large deployments, administrators can generate multiple tokens, each configured for different device groups or policies. Different departments or locations can receive different tokens with appropriate configurations.

Token Revocation

If a token is compromised or accidentally shared, administrators can revoke it through the MDM console, preventing further enrollment attempts. This ensures security if tokens are not handled carefully.