Appearance
Provisioned Devices
Provisioned devices (device slots) are placeholders created via the API that represent device slots in your fleet. When physical devices enroll using single enrollment keys, they couple with these provisioned devices.
Overview
A provisioned device is:
- A Device Slot - Reserved space for one physical device
- API-Managed - Created via
POST /v2/devices - Enrollment-Ready - Created with a unique
singleEnrollmentKey - Group-Assigned - Automatically part of a device group
- Unenrollable - Delete via API to remove from your fleet
Creating Provisioned Devices
Single Device Creation
bash
curl -X POST "https://api.<tenant>.pradeo-security.com/v2/devices" \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"deviceGroupId": "<device-group-id>",
"singleEnrollmentKey": "ENROLL_KEY_UNIQUE_001",
"name": "Sales Rep - John Doe",
}'Request Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
deviceGroupId | string | Yes | ID of the device group |
singleEnrollmentKey | string | Yes | Unique key for device enrollment (1-use only) |
name | string | No | Human-readable device name |
description | string | No | Device description/notes |
Single Enrollment Key Mechanism
The singleEnrollmentKey is the secure bridge between provisioned and physical devices.
Provisioned Device (API) Physical Device (Mobile)
↓ ↓
ENROLL_KEY_UNIQUE_001 ENROLL_KEY_UNIQUE_001
↓ ↓
Agentless Couples
↓ ↓
Status enrolled Device info transmitted
↓ ↓
Receives policies Policies appliedKey Properties
- Unique per Device - Each device must have a unique key
- One-Time Use - Key can only be used once
- Secure - Prevents unauthorized device enrollment
Auto enroll
Pradeo agent support App config to auto-enroll. You can pass these parameters for Android or iOS to auto enroll :
endpoint : device-api.<tenant>.pradeo-security.com
accessKey : a non expired access key
enrollmentCode : the single enrollment key
enrollmentMode : "couple"
mdmMode : "integrated"
mdmId : an id to identify device (recommanded to be the same enrollmentCode)
name : predefined name (optional)Key Management
Generating Unique Keys
Use internal id, timestamps or UUIDs to ensure uniqueness:
bash
# Using timestamp
KEY_TIMESTAMP="ENROLL_$(date +%s)_$(uuidgen)"
# Using UUID only
KEY_UUID="ENROLL_$(uuidgen)"
# Using sequential
KEY_SEQUENTIAL="ENROLL_001_$(date +%Y%m%d)"Monitoring Provisioned Devices
List All Devices
bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/devices" \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"List by Group
bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/device-groups/<device-group-id>/devices" \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"Get Device Details
bash
curl -X GET "https://api.<tenant>.pradeo-security.com/v2/devices/<device-id>" \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"Response includes device ID, group assignment, enrollment status, physical device info, and security status.
Device Removal
Removing Devices
Delete provisioned devices to unenroll them:
bash
curl -X DELETE "https://api.<tenant>.pradeo-security.com/v2/devices/<device-id>" \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"✓ Deletes the device and unenrolls it immediately from your fleet.
Best Practices
Security
- Unique Keys - Never reuse enrollment keys
- Secure Distribution - Share keys via secure channels only
Management
- Batch Operations - Use bulk operations for efficiency
- Naming Convention - Use consistent device naming (e.g.,
DEPT_EMPLOYEE_DATE) - Documentation - Keep records of device allocation
- Tracking - Monitor enrollment status and success rates
Troubleshooting
Device won't enroll
- Verify enrollment key is correct
- Check app installation on physical device
- Verify network connectivity
- Check device group policies allow enrollment
- Review device logs for errors
Enrollment key already used
Solution: Create new provisioned device with new enrollment key
Device policy not applying
- Verify device shows as "enrolled"
- Check group agent configuration
- Review device agent version
Next Steps
- Device Groups - Organize devices with groups
- Overview - Back to MDM overview
- API Reference - Complete API documentation