Skip to main content
Device enrollment ensures that only authorized devices can access your Nexus Access Vault resources.

Overview

The device enrollment process involves:
  1. Selecting device type - Choose your device platform
  2. Token validation - Verify your invitation token
  3. Installation - Download and configure the client
  4. Enrollment completion - Activate secure access

Enrollment Wizard

Nexus Access Vault provides a guided enrollment wizard with visual progress tracking: 
type WizardStep = 'device-type' | 'token-validation' | 'installation';

const steps = [
  { 
    id: 'device-type', 
    label: 'Tipo de Dispositivo',
    description: 'Selecciona tu dispositivo'
  },
  { 
    id: 'token-validation', 
    label: 'Validar Token',
    description: 'Ingresa tu invitación'
  },
  { 
    id: 'installation', 
    label: 'Instalación',
    description: 'Descarga y configura'
  },
];

Starting Device Enrollment

1

Navigate to enrollment page

From the dashboard, go to My Devices and click “Enroll New Device”.Alternatively, navigate directly to /enroll.
2

Check device limits

The wizard displays your current device count and maximum allowed devices:
const { count } = await supabase
  .from('devices')
  .select('*', { count: 'exact', head: true })
  .eq('user_id', user.id)
  .in('status', ['active', 'pending']);

// Typical limit: 2 devices per user
maxDevices: 2
currentDeviceCount: count || 0
You cannot enroll new devices if you’ve reached your device limit. Remove an existing device first.

Step 1: Select Device Type

Choose your device platform from the available options:

Supported Device Types

Windows

Windows 10/11 desktop and laptop computers

macOS

Mac computers running macOS 11 or later

Linux

Ubuntu, Debian, Fedora, and other distributions

iOS

iPhone and iPad devices (iOS 14+)

Android

Android phones and tablets (Android 10+)

Device Type Selector

export type DeviceType = 
  | 'windows' 
  | 'macos' 
  | 'linux' 
  | 'ios' 
  | 'android';

<DeviceTypeSelector
  selectedType={selectedDeviceType}
  onSelect={handleDeviceSelect}
  maxDevices={2}
  currentDeviceCount={currentDeviceCount}
/>
Each device type has specific installation requirements. The wizard provides tailored instructions.

Step 2: Token Validation

Validate your enrollment invitation token:
1

Obtain your token

Your administrator provides an enrollment token via email or the admin panel.Tokens are typically formatted as:
NAV-XXXX-XXXX-XXXX-XXXX
2

Enter the token

Input your token in the validation field:
<TokenValidation
  deviceType={selectedDeviceType}
  onValidationSuccess={handleValidationSuccess}
  onBack={() => setCurrentStep('device-type')}
/>
3

Verify token validity

The system validates:
  • Token format and structure
  • Token expiration date
  • Remaining usage count
  • User eligibility
interface TokenValidationResult {
  valid: boolean;
  token: string;
  expiresAt?: string;
  metadata?: Record<string, unknown>;
}
Tokens typically expire after 7 days. Request a new token if yours has expired.

Step 3: Installation Instructions

After token validation, follow platform-specific installation instructions:

Windows Installation

1

Download the installer

Download the Netbird Windows client:
# Direct download link provided in the wizard
netbird-installer-windows-amd64.exe
2

Run the installer

  1. Double-click the downloaded installer
  2. Follow the installation wizard
  3. Grant administrator permissions when prompted
3

Launch and authenticate

  1. Open Netbird from the Start menu
  2. Enter your enrollment token
  3. Authenticate using your Nexus Access Vault credentials
4

Verify connection

Check that Netbird shows “Connected” status:
netbird status
# Output: Status: Connected

macOS Installation

1

Download the package

# Download Netbird for macOS
curl -O https://pkgs.netbird.io/macos/netbird.pkg
2

Install via package manager

# Using Homebrew (recommended)
brew install netbird

# Or install the .pkg file
sudo installer -pkg netbird.pkg -target /
3

Start the service

netbird up
# Enter your enrollment token when prompted
4

Verify installation

netbird status
# Should show connected status and assigned IP

Linux Installation

# Add Netbird repository
curl -fsSL https://pkgs.netbird.io/debian/public.key | sudo apt-key add -
echo "deb https://pkgs.netbird.io/debian stable main" | sudo tee /etc/apt/sources.list.d/netbird.list

# Install Netbird
sudo apt update
sudo apt install netbird

# Start service
sudo netbird up

Mobile Installation (iOS/Android)

1

Download from app store

iOS: Download from App StoreAndroid: Download from Google Play
2

Open the app

Launch Netbird after installation.
3

Enter enrollment token

Tap “Add Network” and enter your enrollment token.
4

Grant VPN permissions

Allow Netbird to create VPN configurations when prompted.
5

Connect

Tap “Connect” to establish the secure tunnel.

Enrollment Completion

Once installation is complete:
1

Verify device in dashboard

Navigate to My Devices to see your newly enrolled device:
  • Device name and type
  • Connection status
  • Assigned IP address
  • Last seen timestamp
2

Test connectivity

Try accessing an application to verify the connection:
# Ping internal resource
ping 192.168.1.100

# Access web application
curl http://internal-app.local
3

Configure device settings

Optionally configure:
  • Device name
  • Auto-connect on startup
  • Network preferences

Managing Enrolled Devices

View Device Status

Check device status in the My Devices page: 
interface Device {
  id: string;
  user_id: string;
  device_name: string;
  device_type: DeviceType;
  status: 'active' | 'pending' | 'suspended' | 'revoked';
  last_seen: string;
  ip_address: string;
  metadata: Record<string, unknown>;
}

Device Actions

  • Rename - Update device name
  • Suspend - Temporarily disable access
  • Revoke - Permanently remove device
  • View Logs - See connection history

Removing a Device

To remove an enrolled device:
1

Navigate to My Devices

Go to the My Devices page from the sidebar.
2

Select device

Click the menu icon on the device you want to remove.
3

Confirm removal

Click “Remove Device” and confirm the action.
Removing a device immediately terminates all active connections.
4

Uninstall client

Optionally uninstall the Netbird client from the device:Windows: Programs & Features macOS: brew uninstall netbird Linux: sudo apt remove netbird

Device Limits

Nexus Access Vault enforces device limits per user:
  • Free tier: 2 devices
  • Professional: 5 devices
  • Enterprise: Unlimited devices
Remove unused devices to free up slots for new enrollments.

Security Considerations

  • Never share enrollment tokens
  • Tokens expire after 7 days
  • Each token has limited uses
  • Revoked tokens cannot be reactivated
  • Only enroll devices you own and control
  • Keep client software updated
  • Monitor device activity regularly
  • Report suspicious activity immediately
  • Enrolled devices join a secure network overlay
  • Traffic is encrypted end-to-end
  • Devices cannot access unauthorized resources
  • Network policies are enforced centrally

Next Steps

Access Applications

Start using your enrolled device to access applications

Connection Methods

Learn about different connection types

Troubleshooting

Enrollment Token Invalid

Request a new token from your administrator. Tokens expire after 7 days.

Installation Failed

Ensure you have administrator/sudo privileges and sufficient disk space.

Cannot Connect After Enrollment

Check:
  • Netbird service is running
  • Firewall allows Netbird connections
  • Device status is “active” in the dashboard

Device Not Showing in Dashboard

Wait a few minutes for synchronization. If it still doesn’t appear, try re-enrolling.

Build docs developers (and LLMs) love

Get started for freeTalk to us