If you have configured the IGEL Onboarding Service, use it to register your IGEL OS 12 devices; see Register IGEL OS 12 Devices with the UMS via IGEL Onboarding Service.

For an alternative device registration method, see Alternative Onboarding Method: Registering Devices with the UMS Using the One-Time Password.

If you decide for some reason not to use the IGEL Onboarding Service or the one-time password method, you can skip the corresponding steps in the Setup Assistant. Your IGEL OS 12 device will then start with a Starter license.

To register this device with the UMS Server, you can use the Scan for devices function; see Scanning the Network for Devices and Registering Devices on the IGEL UMS. For other device registration methods, see Registering IGEL OS Devices on the UMS Server.


Register IGEL OS 12 Devices with the UMS via IGEL Onboarding Service

  1. Switch your device on.
    The Setup Assistant starts.

  2. Choose the display language and set your keyboard layout. Click Continue.


  3. Read the End User License Agreement (EULA) and accept the license terms. Click Continue.


  4. If you are not connected to a LAN, a network configuration screen is displayed. In this case, follow the instructions under Troubleshooting: Configuring a Network during the Onboarding.

  5. To automatically set the time zone, activate I agree to automatically detect the device and click Continue.


    Or click Continue and set your time zone, time, and date manually, then click Continue.


  6. Enter your e-mail address (using the correct upper/lowercase) and click Continue.


    If everything went well, your device will be integrated into your company network after the reboot. This means it has been connected to your IGEL Universal Management Suite (UMS), which provides your device with the appropriate licenses, settings, and IGEL OS Apps.


If you later need to check who onboarded the device, you can view this information in the UMS Web App > Devices > [name of the device] > Properties System Information > Onboarded by.

Alternative Onboarding Method: Registering Devices with the UMS Using the One-Time Password

If you decided not to use IGEL Onboarding Service for the registration of your IGEL OS 12 devices, you can use a one-time password method as an alternative.

  1. Switch your device on.
    The Setup Assistant starts.

  2. Choose the display language and set your keyboard layout. Click Continue.


  3. Read the End User License Agreement (EULA) and accept the license terms. Click Continue.


  4. If you are not connected to a LAN, a network configuration screen is displayed. In this case, follow the instructions under Troubleshooting: Configuring a Network during the Onboarding.

  5. To automatically set the time zone, activate I agree to automatically detect the device and click Continue.


    Or click Continue and set your time zone, time, and date manually, then click Continue.


  6. When the IGEL Setup Assistant asks for your company e-mail, click Skip.


    You will be asked to enter the data provided by your administrator:


  7. Enter the following data and click Continue:
    URL / Server address: Host name or IP address of the UMS Server. If configured, you can alternatively use the Public Address of the UMS Server or Cluster Address.
    Port: Web server port (Default: 8443). If configured, you can alternatively use the Public Web Port or Cluster Address Port.
    One-time password: First-authentication key (either a one-time key or a mass-deployment key), which you create under UMS Console > UMS Administration > Global Configuration > First-authentication Keys.

    Creating a one-time password in the UMS Console

    You can create the following first-authentication keys:

    • One-time keys: Can be used by any random device, but cannot be re-used by any other device. Hence, the number of keys must match the number of devices.
    • One-time keys associated with a device: Can only be used by a specific device and will be invalidated after use. Therefore, only devices with the specified UnitIDs will be registered.
    • Mass-deployment keys: Multiple-time keys that can be used by any device and will remain valid after use. If you choose to create a mass-deployment key, there is a possibility to set your own password.


    You can view the created key by clicking Show key; or simply copy it to the clipboard. 

  8. In the dialog that opens, enter the communication token. The communication token is the third part of the SHA256 fingerprint of the root certificate of your UMS Server. Then click Continue.


    How to Find Out the Communication Token / Root Certificate Fingerprint (SHA256)

    Go to UMS Console > UMS Administration > Global Configuration > Certificate Management > Web, select the certificate and click .




    Alternatively, go to UMS Web App > Network > UMS Server Details and copy Root Cert. Fingerprint - Part 3.


    If You Use IGEL Cloud Gateway

    If you want to connect the device via the IGEL Cloud Gateway (ICG), use the following as credentials under steps 7 and 8:

    URL / Server address: Host name or IP address of the ICG server
    Port: ICG port (Default: 8443)
    One-time password: First-authentication key created as described above. See also Generating and Distributing First-Authentication Keys for Devices.
    Communication token: Fingerprint of the root certificate of the ICG server (the third part)



    If everything went well, your device will be integrated into your company network after the reboot. This means it has been connected to your IGEL Universal Management Suite (UMS), which provides your device with the appropriate licenses, settings, and IGEL OS Apps.
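To cross-check the communication token from step 8 against an exported root certificate, the following added example (not IGEL's code) computes the SHA-256 fingerprint and takes its third part. It assumes a PEM export and a fingerprint split into four equal parts, which this page does not specify; the sample bytes are constructed, not a real certificate.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in bytes, NOT a real certificate. The fingerprint is a
# hash over the DER encoding, so any byte string shows the mechanics.
SAMPLE_DER = b"constructed placeholder for a UMS root certificate (DER) " * 4
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

PARTS = 4  # assumption: the fingerprint is displayed as four equal parts


def fingerprint_sha256(pem: str) -> str:
    """SHA-256 over the certificate's DER bytes, as uppercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest().upper()


def split_fingerprint(fp_hex: str, parts: int = PARTS) -> list:
    """Cut the hex fingerprint into equally sized parts."""
    if len(fp_hex) % parts:
        raise ValueError("fingerprint cannot be split into equal parts")
    size = len(fp_hex) // parts
    return [fp_hex[i:i + size] for i in range(0, len(fp_hex), size)]


def communication_token(pem: str) -> str:
    """Third part of the fingerprint (index 2)."""
    return split_fingerprint(fingerprint_sha256(pem))[2]


def normalize(token: str) -> str:
    """Drop colons and spaces, ignore case, so typed and copied forms compare."""
    return "".join(ch for ch in token if ch.isalnum()).upper()


def token_matches(pem: str, entered: str) -> bool:
    """True if the entered token equals the one derived from the certificate."""
    expected = communication_token(pem).encode()
    return hmac.compare_digest(expected, normalize(entered).encode())


if __name__ == "__main__":
    print("fingerprint:", fingerprint_sha256(SAMPLE_PEM))
    print("part 3     :", communication_token(SAMPLE_PEM))
```

A mismatch between the derived part and the token handed out to users means the exported certificate is not the root the device will be asked to trust.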


Troubleshooting: Configuring a Network during the Onboarding

If your device cannot connect to the network instantly, the IGEL Setup Assistant will ask you to configure your network connection.

Connecting to a Wireless Network That Is Visible

Wi-Fi networks with certificates are not supported in the Setup Assistant.

This configuration step is available if a WLAN adapter was found when starting the device. The device will search for available WLAN access points as soon as the configuration step is opened. The WLAN access points found will be listed.

  1. Select the network you want to connect to.


  2. Enter the authentication data that are required by your network, e.g. Network key or Password and Username.



  3. Click Connect.

If no Wi-Fi adapter is found, please check if:

  • There is a hardware switch on your device.
  • There is a BIOS setting that disables Wi-Fi if Ethernet is connected.
  • There is a BIOS update for your endpoint.

Connecting to a Wireless Network That Is Hidden

  1. Click Connect manually to a network.


  2. Select the Authentication type and enter the required authentication data. 
    Possible options: 
    • Open: Enter the Network name.
    • Security key: Enter the Network name and the Security key.
    • Username and password: Enter the Network name, Username, and the Security key.


  3. Click Connect.

Advanced Wired Network Configuration

This configuration step is available if a wired network has been detected, but the connection to the LAN could not be established automatically (e.g. because the IP address could not be automatically received from the DHCP server for some reason). 

  1. Enter the appropriate settings for your wired network: 
    Static IP address: Static IP address of the device
    Static network mask: Static network mask of the device
    Default gateway: IP address of the default gateway
    AND/OR
    Default domain: Usually the name of the local network
    Name server: IP address of the name server to be used
    Name server: IP address of an alternative name server


  2. Click Continue.

Mobile Broadband

This configuration step is available if there is no LAN or Wi-Fi connection, but a surf stick / modem has been detected. If it is not detected, reboot your endpoint device.

  1. Enter the required data:
    Country or region: The country or region of your provider
    Provider: Provider (the possible options depend on what you choose for Country or region)
    APN: Access point name (the possible options depend on what you choose for Provider)
    PIN (displayed if the SIM card is locked): PIN for the SIM card used

  2. Click Continue.


Troubleshooting: Possible Error Codes During the Onboarding

During the onboarding with the IGEL Onboarding Service or with the one-time password method, the following internal errors may occur.

Error message: "Could not manage your device because of an internal error (<error-code>)"

Error Code   Meaning
30           Onboarding service not reachable anymore
32           Invalid arguments
33           Failed to initialize EST API
34           Failed to load trust chain
35           Failed to load key pair
36           Failed to load private key
37           Failed to get CA certificates from server
38           Failed to enroll a certificate from server. For information on the solution, see Troubleshooting: Error 38 during the Onboarding of an IGEL OS 12 Device.
39           Failed to retrieve the enrolled certificate
40           Failed to convert the enrolled certificate to PEM
41           Failed to save the enrolled certificate
42           Failed to create a TLS context
43           Failed to create a TLS handle
44           Failed to establish a TCP connection
45           Failed to establish a TLS connection
46           Failed to verify TLS certificate chain
47           Failed to load system trust store

If you have checked your configuration and everything seems to be correct, collect the log files as described under Debugging / How to Collect and Send Device Log Files to IGEL Support and contact IGEL Support.