3. Client Enrollment
Please follow each section that corresponds with the device types you want to enroll in FileWave.
You will notice that some device types, such as iOS and macOS, contain new information, while Windows and Chromebooks redirect to a previous section.
- Android Enrollment
- Apple ADE Enrollment
- Apple Manual Enrollment
- Using LDAP to enroll macOS/iOS/Android devices
- Chromebook Enrollment
- Windows Enrollment
Android Enrollment
Enrolling Android devices to FileWave
If you haven't already, please consult the Client Pre-Requisites > Android section to learn how to enroll Android EMM devices into FileWave.
There are several ways to enroll Android devices;
Devices in Safe Mode may not be enrolled
QR Code or afw#setup Enrollment
In FileWave Central, create an Android enrollment token from Assistants > Enroll Android Device....
You can create multiple tokens. For normal evaluation work, select Multiple enrollments and use the Duration field to enter the number of years the token should remain valid. The dialog defaults to 2 Years, and Android enrollment tokens are no longer limited to 30 days.
Make sure the device is fully wiped to factory settings and is not yet activated. Most modern Android versions can commence the process by either:
- Tapping the screen seven times (in the same spot)
or - Entering
afw#setupin place of a Google account.
Enter the Wi-Fi code and scan the QR code. A few minutes later, accept the prompt to Install Work Apps. This will install the FileWave Client.
On completion a summary will appear. Click Setup.
Where auto enrolment is configured in the New Client > Enrolled Mobile Devices, the device should appear within a few minutes. Otherwise use the New Client window to accept the device and then Update Model.
Android BYOD (EMM)
Android BYOD (Bring Your Own Device) Enrollment, also known as Android Enterprise Work Profile, is a method of enrolling personal Android devices in an Enterprise Mobility Management (EMM) system. This allows organizations to manage and secure corporate data and apps on employees' personal devices, while maintaining user privacy and keeping personal data separate from work data.
In this enrollment method, a work profile is created on the user's personal device, which acts as a separate container for work-related apps and data. This ensures that the organization can only manage and access the work profile, without interfering with the user's personal data and apps.
Android BYOD Enrollment offers several benefits, such as:
- Increased flexibility: Employees can use their personal devices for work, reducing the need for organizations to provide dedicated work devices.
- Enhanced security: Corporate data is secured within the work profile, preventing unauthorized access and data leakage.
- Improved privacy: Users maintain control over their personal data and apps, as the organization can only manage the work profile.
- Simplified management: EMM administrators can easily manage and configure work profiles, apply policies, and distribute apps to enrolled devices.
To implement Android BYOD Enrollment, organizations need an EMM solution that supports Android Enterprise, such as FileWave. The EMM solution will guide users through the enrollment process and help administrators manage and configure work profiles on enrolled devices.
Getting Started with BYOD (EMM)
Before starting BYOD enrollment, complete the Android EMM setup at the start of this article.
After going through the EMM setup, continue with the next steps.
- Download Android device policy App (https://play.google.com/store/apps/details?id=com.google.android.apps.work.clouddpc&hl=en_US)
- From the App scan the Enrollment QR code
- Add the devices to admin as normal
- (Observe) you will have a "Play Store" app and a "Work Play Store"
The devices will have the same icon in admin.
If the Inventory field "Is User-Owned" is True, the device is a BYOD.
Add this field as a column in the client view when you need to distinguish fully managed Android devices from BYOD/work-profile devices.
Enrollment Workflow (EMM)
If you have a Google Policy Fileset with Wi-Fi or other network information, select it when you generate the QR code. FileWave includes that network configuration in the enrollment QR code, which makes first-time setup easier on wiped devices.
| Figure 1.1 - WiFi selected in enrollment QR |
The QR code that is generated contains the WiFi password in plain text.
DO NOT leave the QR code just sitting around.
Android EMM Location Tracking
Android EMM devices need to install a FileWave "companion" application onto the device that will send us location data. Reference Force Location for EMM Android Devices for details.
Apple ADE Enrollment
Benefits of ADE Enrollment
iOS, iPadOS, visionOS, tvOS, and macOS can use Apple Automated Device Enrollment (ADE). ADE applies the assigned setup configuration during activation, enrolls the device with FileWave after a reset, and can prevent the user from removing the MDM profile when Apple supports enforced management for that platform and enrollment.
If you have not already created your Apple Push Notification Service Certificate (APNS) or configured ADE to sync with FileWave, please review the Platform Integrations > Apple Integration section before continuing.
Creating ADE Profiles
FileWave 16.4 and later: macOS ADE profiles can manage Mac-to-Mac Migration Assistant behavior during Setup Assistant. See ADE Profiles for the migration controls and DDM boundary.
The first step to enrolling your Apple devices via ADE is to create an ADE Profile. The ADE Profile determines the initial settings applied during enrollment and applies across Apple platforms. Unless you need explicit separation of the initial enrollment settings, one ADE Profile can often cover all of your devices. This is partly possible because FileWave Custom Fields can be used to uniquely name devices.
- Open FileWave Admin and navigate to "Assistants > ADE Association Management".
- Click the "[+]" button on the right-hand side under "Profiles".
- Fill out each tab according to your management preferences.
Starting in FileWave 16.3.x, ADE profiles also support do_not_use_profile_from_backup. As described in Apple's deployment guidance, this tells a restored device to ignore the ADE profile embedded in the backup and fetch the current ADE assignment from Apple Business Manager or Apple School Manager instead, so the correct ADE configuration can be applied after restore.
FileWave 16.3.x also adds the Age Based Safety Settings skip key in ADE profiles and Setup Assistant. Apple's documentation is not yet fully consistent on whether this fully replaces AdditionalPrivacySettings, so FileWave keeps support for both keys for now.
The screenshots above show the general ADE profile tabs, but they are not a complete inventory of every current field. Newer ADE options added in later FileWave releases may not be visible in those older screenshots.
Assigning ADE Profiles
Assigning ADE Profiles is very easy within FileWave, especially if you only have one ADE Profile since you can set a Default ADE Profile. With a Default ADE Profile configured, anytime you assign a new device to the FileWave MDM Server from within Apple School Manager or Apple Business Manager, the ADE Profile will automatically apply and the device will be ready for ADE enrollment. However, if you have multiple ADE Profiles, FileWave will also enable you to create Rule-based ADE Profile assignments or you can always just drag-n-drop a ADE Profile onto a single device or multiple devices onto a ADE Profile.
The "Profile Status" field in the "Devices" pane tells you the current status of the ADE profile on the client device.
- Empty - no ADE Profile assigned
- Assigned - ADE Profile has been assigned but ADE enrollment has not occurred
- Pushed - Setup Assistant setting has run and settings have been enforced on client device
- Removed - ADE profile has been unassigned from device, will be changed to "Empty" after ADE sync
Setting Default ADE Profile
- Open FileWave Admin and navigate to "Assistants > ADE Association Management".
- Click "Edit Assignment Rules".
- Select your recently created ADE Profile from the "Default ADE Profile" dropdown menu.
- Click "OK".
- Click "Apply Assignment Rules" to save the changes.
- Hold the Option or Alt key on your keyboard and click "Synchronize (full sync)" button in lower right-hand corner
- You should now see that all of your devices have been "Assigned" to your ADE Profile.
Rule-based ADE Profile Assignment
- Open FileWave Admin and navigate to "Assistants > ADE Association Management".
- Click "Edit Assignment Rules".
- Click "[+]".
- Select the ADE Profile you'd like to assign based on rules.
- Drag-n-drop the Inventory data point the devices must meet to be assigned to the ADE Profile into the "Criteria" section.
- Verify the criteria is correct by viewing the returned devices in the "Fields" section.
- "Save" the query and "OK" to save rule definition.
- Click "Apply Assignment Rules" to save the changes.
- Hold the Option or Alt key on your keyboard and click "Synchronize (full sync)" button in lower right-hand corner.
- You should now see that your selected devices have been "Assigned" to your ADE Profile.
As noted in the Screenshot, the first matching rule (top to bottom) will be honoured; automated rules will override a Default Profile. Hence, Default Profile, if set, is considered the fallback if no rules are met.
Manually assign ADE Profile
- Open FileWave Admin and navigate to "Assistants > ADE Association Management".
- Select one or more devices from left pane and drag-n-drop onto a ADE Profile.
- or...
- Select one ADE Profile from the right pane and drag-n-drop it onto one device.
Generate custom FileWave Client for macOS ADE enrollments
During a ADE enrollment, your macOS devices will automatically download and install the FileWave Client. Before enrolling a macOS device via ADE we must first upload a customized FileWave Client PKG to the FileWave Server.
Generate a custom FileWave Client PKG
- Visit FileWave Custom Installer Builder
- Change the following settings to match your FileWave Server.
- Click "Build" and wait for automatic download of ZIP.
- Extract ZIP.
- Mandatory Settings
- Product Version = Your FileWave Server Version
- Sync Computer Name = macOS Hostname will be FileWave Client Name (recommended)
- Server Name = Fully Qualified Domain Name of your FileWave Server
- Server Port = 20015 (do not modify this as it will automatically go to the proper SSL port if you put in 20015)
- Client Password = Password used to change individual Client Preferences and to start screen-sharing session
- Optional Settings
- Is Tracking = Is Location Tracking Enabled for macOS Clients
- Monitor Port = Port used for FileWave Client Monitor (do not modify)
- Overwrite Configuration = Overwrite any existing FileWave Client configuration with settings entered here (recommended)
- Remotecontrol Enabled = Screen-sharing enabled for Windows Clients
- Remotecontrol Prompting = Whether or not to Prompt the end-user before starting screen-sharing session
- Server Certificate = Only upload certificate is using a Self-Signed Certificate; not required for CA-signed certificate
- Server Publish Port = 20005 (do not modify)
- Tickle Interval = Idle time for Windows Clients before checking for new Model Update (do not modify)
- Vnc Relay Port = 20030 (do not modify)
- Vnc Server Port = 20031 (do not modify)
- Booster Settings
- Do not configure unless instructed by FileWave SE
Upload custom FileWave Client PKG to FileWave
Enrolling Apple devices via ADE
Now that your devices have been "Assigned" to a ADE Profile, they can either be Factory Reset if already configured or taken fresh out of the box from Apple and they will automatically enroll into FileWave.
If getting authentication required during enrollment, please review this section to learn how to disable ADE enrollment authentication.
|
macOS |
iPadOS |
Finalizing adding of clients
FileWave Clients communicating to the FileWave server will not be able to connect until you add them to the model. We will now allow our new client to join the FileWave server.
- Open FileWave Central.
- Click on the “New Client” button in the tool bar
- Select Desktop Clients for macOS computers or Enrolled Mobile Devices for iPhone, iPad, and Apple Vision Pro.
- Select your new client from the list presented.
- Click the “Add Clients” button in the lower right.
Once you have selected “Add Clients”, you will be taken to the Clients view in FileWave Admin. By adding a client to the server, we have made changes to the model. In order for those changes to take effect, we need to perform a model update.
You can also decide to automatically add new clients to skip the step of adding devices. This is discussed here: Conflict Resolution
Making Changes to the Model
Remember that you will need to update the model anytime that you want to apply changes you have made. You can update the model after a single change or multiple changes (adding multiple clients, creating groups, etc.)
Congratulations! Your FileWave environment is now up and running! From here you can continue to add clients, build and deploy Filesets!
Apple Manual Enrollment
Not able to use DEP?
Apple's Device Enrollment Program is great but you may find that all or some of your devices aren't showing in Apple School Manager or Apple Business Manager. Devices are usually excluded because they were not purchased directly from Apple or an Authorized Reseller. iOS device capable of running iOS 11+ can be manually added to your ASM/ABM account but unfortunately this not yet an option for macOS. This section covers several manual enrollment methods and why you might need to leverage them.
Add iOS devices to ASM/ABM using Apple Configurator 2
If you have an iOS 11+ or tvOS 11+ device that was not originally purchased from Apple or an Apple Authorized Reseller, you can manually add the device to ASM/ABM using Apple Configurator 2. Please first review Apple's documentation here followed by FileWave Knowledge Base article here for more FileWave-specific processes. Once the device has been added to ASM/ABM you can take advantage of DEP for any future enrollments of this device.
MDM-enroll Apple devices using URL Enrollment
If ADE is unavailable, you can MDM-enroll an iPhone, iPad, Apple Vision Pro, or Mac using FileWave URL Enrollment. This method allows an end user to enroll a previously configured device without a factory reset. The user may be able to remove the MDM profile and unenroll the device. On macOS, the user also needs administrator privileges to install the MDM profile.
If getting authentication required during enrollment, please review this section to learn how to disable URL enrollment authentication.
macOS URL Enrollment
Apple mobile URL Enrollment: iPhone, iPad, and Vision Pro
Use the same FileWave enrollment URL and MDM-profile approval flow on Apple Vision Pro. The exact on-device labels follow the installed visionOS version.
iOS User Enrollment (BYOD)
Starting with iOS 13, FileWave allows your end-users to enroll using User Enrollment. This is a new form of BYOD enrollment that allows your organization to deploy VPP applications to the devices while keeping other end-user data private from the MDM. This method also required the use of Managed Apple IDs configured in either Apple School Manager or Apple Business Manager.
For more in-depth information and setup of iOS User Enrollment, please consult the following FileWave Knowledge Base article iOS BYOD User Enrollment. This article contains a video walk though of the enrollment process along with the limitations of iOS User Enrollment.
Enroll non-MDM macOS Client
Enrolling a macOS device outside of the MDM is possible although it is unrecommended. To enroll a non-MDM macOS device into FileWave, you will need to simply install the FileWave Client PKG using a macOS Administrator account.
|
Features unavailable with non-MDM macOS enrollment
|
Features available with non-MDM macOS enrollment
|
Generate a custom FileWave Client PKG
Open the FileWave Customer Installer Builder for macOS.
- Fill out the settings accordingly.
- Click the "Build" button and wait for the automatic download.
- Extract ZIP and install the customized FileWave Client PKG.
| Mandatory Settings |
| Product Version = Your FileWave Server Version |
| Sync Computer Name = macOS Hostname will be FileWave Client Name (recommended) |
| Server Name = Fully Qualified Domain Name of your FileWave Server |
| Server Port = 20015 (do not modify) |
| Client Password = Password used to change individual Client Preferences |
Note: The default port setting for Server Port above is 20015. However, SSL is now required, and the system will automatically use port 20017 instead when 20015 is entered. Do not manually set the port to 20017. Always enter 20015, and the system will handle the SSL port change for you.
| Optional Settings |
| Is Tracking = Is Location Tracking Enabled for macOS Clients |
| Monitor Port = Port used for FileWave Client Monitor (do not modify) |
| Overwrite Configuration = Overwrite any existing FileWave Client configuration with settings entered here (recommended) |
| Remotecontrol Enabled = Screen-sharing enabled for macOS Clients |
| Remotecontrol Prompting = Whether or not to Prompt the end-user before starting screen-sharing session |
| Server Certificate = Only upload certificate is using a Self-Signed Certificate; not required for CA-signed certificate |
| Server Publish Port = 20005 (do not modify) |
| Tickle Interval = Idle time for macOS Clients before checking for new Model Update (do not modify) |
| Vnc Relay Port = 20030 (do not modify) |
| Vnc Server Port = 20031 (do not modify) |
| Booster Settings |
| Initially you may want to make an installer that does not include Boosters. Read more about them here: Boosters |
Finalizing adding of clients
FileWave Clients communicating to the FileWave server will not be able to connect until you add them to the model. We will now allow our new client to join the FileWave server.
- Open FileWave Central.
- Click on the “New Client” button in the tool bar
- Select Desktop Clients for macOS computers or Enrolled Mobile Devices for iPhone, iPad, and Apple Vision Pro.
- Select your new client from the list presented.
- Click the “Add Clients” button in the lower right.
Once you have selected “Add Clients”, you will be taken to the Clients view in FileWave Admin. By adding a client to the server, we have made changes to the model. In order for those changes to take effect, we need to perform a model update.
You can also decide to automatically add new clients to skip the step of adding devices. This is discussed here: Conflict Resolution
Making Changes to the Model
Remember that you will need to update the model anytime that you want to apply changes you have made. You can update the model after a single change or multiple changes (adding multiple clients, creating groups, etc.)
Congratulations! Your FileWave environment is now up and running! From here you can continue to add clients, build and deploy Filesets!
Using LDAP to enroll macOS/iOS/Android devices
Use this document if you are trying to point your enrollment of device to directory services (Active Directory, Open Directory, eDirectory or OpenLDAP). This is used for Android Device and well as iOS devices or macOS devices enrolling OTA (over the air) as well as Apple's DEP (Device Enrollment Program) enrollment for both iOS and macOS devices.
This process consists of:
1- Backing up the current config
2- Editing a new config file to properly read the LDAP structure
3- Restarting the Apache Process so it reads the new config file
Getting the files ready
Open a Terminal Window or use SSH to get into the computer running FileWave Server
Gain root credentials
sudo -s
Enter your login password
| OS X / Linux: |
cd /usr/local/filewave/apache/conf/ |
Backup your current mdm_auth.conf by making a copy
cp mdm_auth.conf mdm_auth.conf.bac
Make a copy of the LDAP example and rename it
cp mdm_auth.conf.example_ldap_auth mdm_auth.conf
Making the changes
Open it up using your preferred text editor (nano mdm_auth.conf or vi mdm_auth.conf).
it will look like this:
<Location /ios/enroll>
# This is an example of ldap based user auth
AuthType Basic
AuthBasicProvider ldap
AuthName "Enroll IOS Device"
AuthLDAPURL "ldap://10.1.10.25:389/cn=Users,dc=saturn,dc=filewave,dc=us?uid"
Require valid-user
# If you need to bind to the ldap server, use these lines
# AuthLDAPBindDN "cn=Admin,o=myorg"
# AuthLDAPBindPassword "secret1"
LDAPReferrals Off
</Location>
<Location /ios/dep_enrollment_profile>
# This is an example of ldap based user auth
AuthType Basic
AuthBasicProvider ldap
AuthName "Enroll IOS Device"
AuthLDAPURL "ldap://10.1.10.25:389/cn=Users,dc=saturn,dc=filewave,dc=us?uid"
Require valid-user
ErrorDocument 401 "Enrollment credentials are needed."
# If you need to bind to the ldap server, use these lines
# AuthLDAPBindDN "cn=Admin,o=myorg"
# AuthLDAPBindPassword "secret1"
LDAPReferrals Off
</Location>
<Location /android/enroll>
# This is an example of ldap based user auth
AuthType Basic
AuthBasicProvider ldap
AuthName "Enroll Android Device"
AuthLDAPURL "ldap://10.1.10.25:389/cn=Users,dc=saturn,dc=filewave,dc=us?uid"
Require valid-user
# If you need to bind to the ldap server, use these lines
# AuthLDAPBindDN "cn=Admin,o=myorg"
# AuthLDAPBindPassword "secret1"
LDAPReferrals Off
</Location>
<Location /android/project_number>
# This is an example of ldap based user auth
AuthType Basic
AuthBasicProvider lda4
AuthName "Google Cloud Messaging configuration"
AuthLDAPURL "ldap://10.1.10.25:389/cn=Users,dc=saturn,dc=filewave,dc=us?uid"
Require valid-user
# If you need to bind to the ldap server, use these lines
# AuthLDAPBindDN "cn=Admin,o=myorg"
# AuthLDAPBindPassword "secret1"
LDAPReferrals Off
</Location>
The different sections correspond with the different enrollment URLs.
For example, if my servers hostname was server.filewave.com:
mdm_auth.conf
| URL | Use |
| https://server.filewave.com:20443/ios/enroll | Over the air enrollment portal |
| https://server.filewave.com:20443/ios/dep_enrollment_profile | URL iOS or macOS Devices request when a DEP device is enrolling. This URL is not accessible from a normal browser. |
| https://server.filewave.com:20443/android/enroll | Downloading the APK FileWave Client |
| https://server.filewave.com:20443/android/project_number | Used by the FileWave Android client to talk to server |
Open Directory & eDirectory
OD (by default) does not require a user to authenticate to read the structure.
You will not need to uncomment the bind options.
AuthName - The title of the login window
AuthLDAPURL - Where and what groups are allowed to login and there for enroll. The example above would allow anyone in the 'Users' group to enroll a device.
Make the appropriate changes and then save the .conf
Active Directory
AD (by default) requires you bind to the directory to read. Many people create a read-only directory account.
AuthName - The title of the login window
AuthLDAPURL - Where and what groups are allowed to login and there for enroll. The example above would allow anyone in the 'Users' group to enroll a device.
AuthLDAPBindDN - From specific to most general. Username, what group that is in, what group (or organizational unit) that group is in, and the server. The example above would allow the user 'TestDir Reader' who is in the group 'User' who is in the Org Unit 'IT' on the Active Directory server of ad-ldap.filewave.com to bind.
AuthLDAPBindPassword - Password for user account being used to bind to AD.
Make the appropriate changes and then save the .conf
Restarting Apache
Once saved, restart the FileWave Apache process/service
| OS X / Linux: |
/usr/local/filewave/apache/bin/apachectl graceful |
Now when a device attempts to enroll (by pressing the Enroll Device option on the site). They will be prompted to enter their username and password from the directory server.
Using several authentication sources for the same enrollment type
When we want to use several authentication sources (not nested locations) , we need to use AuthnProviderAlias sections to define those sources. The same format for binding to a single source ( see above ) apply for configuring each AuthnProviderAlias section , as in the following example
At the start of the file we define an alias by using:
<AuthnProviderAlias ldap ALIAS_NAME0>
AuthLDAPBindDN ""
AuthLDAPBindPassword ""
AuthLDAPURL ""
</AuthnProviderAlias>
Then below that you specify the location and call for the alias
<Location /ios/enroll>
AuthBasicProvider ALIAS_NAME0 ALIAS_NAME1 ALIAS_NAME2
AuthType Basic
AuthName "Enroll IOS Device"
Require valid-user
</Location>
A final MDM_auth.conf would look something like this:
<AuthnProviderAlias ldap Student>
AuthLDAPBindDN "cn=BindUserName,dc=filewave,dc=net"
AuthLDAPBindPassword "YourBindPassword"
AuthLDAPURL "ldap://ldap.filewave.net:389/OU=student,dc=filewave,dc=net?sAMAccountName"
</AuthnProviderAlias>
<AuthnProviderAlias ldap Faculty>
AuthLDAPBindDN "cn=BindUserName,dc=filewave,dc=net"
AuthLDAPBindPassword "YourBindPassword"
AuthLDAPURL "ldap://ldap.filewave.net:389/OU=staff,dc=filewave,dc=net?sAMAccountName"
</AuthnProviderAlias>
<Location /ios/enroll>
AuthBasicProvider Faculty Student
AuthType Basic
AuthName "Enroll IOS Device"
Require valid-user
</Location>
Troubleshooting tips
Take a look at the log files for apache:
| OS X / Linux: |
<br>/usr/local/filewave/apache/logs/error_log<br> <br> |
Below are some sample errors and what they typically mean.
NOT Bound:
[Thu Feb 09 22:10:19 2012] [error] [client 192.168.1.109] user diradmin: authentication failure for "/ios/enroll": Password Mismatch, referer: https://192.168.1.95:20443/ios/
Bound but user entered info wrong OR ldap url pointed to wrong group:
[Thu Feb 09 22:29:16 2012] [error] [client 192.168.1.109] user diradmin: authentication failure for "/ios/enroll": Password Mismatch
Bound w/ Bad User
[Thu Feb 09 22:29:00 2012] [error] [client 192.168.1.109] user lkajshdg not found: /ios/enroll
Could be Bound or not but not filtering by the correct ?uid ?sAMAccountName at end of URL (?UID is an OD or eDir, AD is typically ?sAMAccountName)
[Thu Feb 09 22:17:31 2012] [error] [client 192.168.1.109] user admin not found: /ios/enroll, referer: https://192.168.1.95:20443/ios/
Something wrong in the mdm_auth.conf file. Like AuthzLDAPAuthoritative isn't off or shoudn't be there.
apache require directives present and no authoritative handler
Recursive issues
Does it appear that your server only looks at the one group/unit pointed to and not sub-groups? try adding ?sub at the end of your AuthLDAPURL lines:
AuthLDAPURL "ldap://ldap.filewave.net:389/OU=student,dc=filewave,dc=net?sAMAccountName?sub"
Always feel free to contact support for further assistance.
Chromebook Enrollment
How to enroll Chromebooks into FileWave
Before enrolling Chromebooks, review Platform Integrations > Chromebooks to confirm Google Admin Console is syncing with FileWave. After that sync completes, provisioned Chromebooks appear in FileWave Central without a separate FileWave enrollment step.
Provisioning Chromebooks
Provisioning the Chromebook itself is a short device-side workflow once the Google integration is configured.
Do not log into the Chromebook before enrollment. If a user signs in first, reset the device and start the enrollment process again.
You need a configured Google enrollment user to enroll the device.
On power up, the device should present the Welcome page:
Click Let's go, then select a Wi-Fi network.
After the device joins a network, it may show an Enterprise Enrollment page:
If it does not, press Ctrl+Alt+E to enroll the device. Enter the Google enrollment username and password.
The device shows a progress bar while enrollment is running. When enrollment completes, a success page should appear:
At this point, the device should show in Google Admin Console as provisioned. After the next FileWave Google OAuth synchronization, the device should appear in the FileWave Client view.
You can trigger synchronization manually from FileWave Central preferences:
Clicking Done on the device should present the login page to the user:
Windows Enrollment
How to enroll Windows Clients into FileWave
If you haven't already, review the Platform Integrations > Windows section for guidance on installing the Windows FileWave Client. If your organization uses Microsoft Entra ID and users sign in to Windows with Entra ID credentials, consider enrolling Windows devices through Microsoft Entra ID instead. That path also enables Windows MDM management in FileWave. Learn more in the Windows MDM article.
After a Windows desktop client checks in, it waits for approval before it can receive associations. Add it to the model from FileWave Central.
- Open FileWave Central.
- Click the “New Client” button in the toolbar.
- Select “Desktop Clients”. The “Enrolled Mobile Devices” option is for MDM-enrolled devices, not a standard Windows desktop client.
- Select the new Windows client from the list.
- Optionally choose the group for the new client, then click “Add Clients”.
After you click “Add Clients”, FileWave Central opens the Clients view. Adding a client changes the model, so run a model update before expecting the Windows client to receive Filesets or settings.
You can also configure FileWave to add new clients automatically and skip the manual approval step. This is covered in Conflict Resolution.
Making Changes to the Model
Update the model whenever you want FileWave to apply model changes. You can update after one change or after a batch of changes, such as adding clients, creating groups, or assigning Filesets.
Your FileWave environment can now manage the Windows client. From here, continue adding clients, organizing groups, and deploying Filesets.