Settings in UDM Pro include Bridge Management Settings, implementing the option to enable Zero Touch Registration (ZTR). Zero Touch Registration gives you the option to either enable or disable UDM Pro to allow a bridge to register with no manual intervention. But, before a bridge can provision devices, you must approve the bridge for provisioning.
See the Bridges section in this guide for how you approve a bridge.
Additionally, there is a Device Management Settings feature Zero Touch Approval (ZTA) allowing the option to enable or disable the ability to for automatic approval and provisioning of devices. If this setting is enabled, the administrator does not need to approve each device that registers with UDM Pro before it can request registration and provisioning.
Bridge Management Settings
To enable or disable Zero Touch Registration (ZTR), do the following.
- On the sidebar, click Settings
- On the Settings page, in Bridge Management Settings, click the toggle in Zero Touch Registration to enable or disable ZTR
- Adjust the Bridge Last Seen Days Threshold. This number represents how many days UDM Pro will persist the registration of a bridge that has not reported in. Bridges communicate with UDM Pro periodically to receive updates and to communicate new device registrations.
Note! By default, this period is five (5) days. If the Last Seen Time of the bridge exceed five days, the bridge is unregistered. If the bridge communicates with UDM Pro after the threshold has been exceeded, it will need to re-register and be approved.
Device Management Settings
To enable or disable Zero Touch Approval (ZTA), do the following.
- On the sidebar, click Settings
- On the Settings page, in Device Management Settings, click the toggle in Zero Touch Approval to enable or disable ZTA
- Adjust Log Retention Period by typing a number to indicate the number of days to retain device logs. Provisioning bridge of UDM Pro storage? If UDM Pro, this could get huge.. A setting of zero (0) will ignore logs.
- The Secure Device Browser Links will use HTTPS when you click on the IP address of a device to access the devices web interface. Note: You need to enable the web interface for HTTP or HTTPS access.
Caution! Logs, while not huge for a single device, can become very large with hundreds to thousands of devices. Typically, there are two logs per device – a boot log and application (app) log. These logs, based on the activity of the device, can be as small as 1k and up. Given that these are a per-device log, if you have thousands of devices the storage requirements could get out of control quickly if not controlled by an automatic pruning setting such as Log Retention Period
These settings are applicable if you have subscribed to the optional Monitoring Module.
You can select the Use Internal Email Server option this uses the Enoten email servers and use a default Enoten email account for sending Monitoring alerts. To use your own email server and accounts enter your email server and user account details.
ADFS SSO Settings
These settings enable Single Sign On using ADFS.
Active Directory Sync Settings
These settings are used for Ranger to obtain details of Active Directory users phone numbers. Details of these settings are in Bridge Installation Guide for Ranger
These settings enable SIngle Sign on using ADFS.