Introduction
In addition to the physical SIM option, Celona also offers the eSIM (embedded subscriber identity module) capability for the devices to authenticate and authorize access to the Celona private cellular network. Celona eSIMs are compatible with both 4G and 5G networks.
There are two ways to onboard the eSIM onto the device
Using an individual QR (quick-response) code for each eSIM. This process works well for onboarding individual devices. The self-service workflow for downloading eSIMs via QR code is available in Orchestrator UI.
Via the MDM (Mobile Device Management) platform used by enterprises to manage corporate owned and BYOD (Bring Your Own Device) mobile devices. This option is ideal for enterprises managing large numbers of devices. Currently, MDM workflow is only available via APIs.
Detailed instructions for onboarding eSIMs with both options are provided in this article.
Note on re-using eSIMs:
Celona eSIMs can be re-used on a different device if needed. In order to re-assign the eSIM to a new device, an active eSIM would first need to be de-activated in Orchestrator and the SIM deleted from the existing device. Once these steps are completed, the eSIM will be ready for assignment to another device. It is not possible to re-assign the eSIM without first deleting it from the original device.
Please note that deleting a SIM from an existing device requires internet connectivity (WiFi or other cellular).
Celona Orchestrator UI provides details on the state of each eSIM onboarding states (Available, Downloaded, Installed, etc.) under the column, “eSIM Status“ on the devices table.
Note: Onboarding an eSIM to a device, or deleting an eSIM from an existing device requires internet connectivity (WiFi or other cellular) to download the eSIM profile from the server.
Activating eSIMs via QR Codes (on the CSO UI)
Orchestrator Devices section provides information on the total number of provisioned eSIMs: i.e., the total number of eSIMs available for activation. The provisioned eSIMs quantity is calculated based on the number of AP subscriptions purchased by customer: by default each Indoor subscription includes 20 eSIMs, each Outdoor subscription includes 40 eSIMs. If needed, extra eSIMs outside of the default quantities included with AP subscriptions can be purchased separately.
To Activate the eSIMs via QR Code:
Navigate to the SIMs & Devices page.
Select the Summary tab at the top of the page to view your full device inventory.
Click the Activate button on the eSIMs card.
Click Activate eSIMS via QR Code tab. Also, you can do bulk activation or single activation.
To activate bulk, click BULK and upload a CSV file. Click the DOWNLOAD TEMPLATE button for an example template of the CSV file.
Fill out the details on the template as mentioned below, and upload the CSV file by clicking choose file.
The first row will specify the names of the attributes to be updated, do not modify this.
The attribute names are case-sensitive
The attribute names can be in any order
A cell should be left blank if that field should not be updated
A cell value having double quotes ("") is treated as empty value and that field will not be updated
Attributes/Cells:
Email
: Enter the email address where you intend to receive the QR Code.Device Name
:
Name of the device, optional attributeDevice Profile
:
Name of the device profile (formerly, device group) the device belongs to. Specify 'default' (all lowercase, no quotes) for the default device profile.Cluster Auth Type
: one of the following values:ALL
: if you want to authorize access across all clusters for the deviceLIST
: if you want to authorize access to a specific list of clusters for the device
Clusters
: a pipe-separated (|
) list of edge-cluster IDs. For example:ec-id1|ec-id2
. Must be specified only ifauthorized_edge_clusters_type
isLIST
.PlmnId
: Please enter 315010 for US and 999503 for the rest of the world.Static IP Address
: Please enter a static IP address for the device if needed (optional attribute)Sim Lock Enabled
: SIM lock configuration for the device.true
to enable, any other values will be considered as false and disable SIM lock.Sim Lock Policy:
If sim lock is enabled, one of the following two policies must be specified:ONATTACH
: if you want the sim to be locked on to the device identified upon first attach.IMEIMAPPING
: if you want the sim to be locked onto a specific device
IMEI
: 15-digit IMEI number must be specified ifsim_lock_policy
isIMEIMAPPING
.
To activate a single eSIM via the CSO UI, click the SINGLE button and enter the device details in the mandatory fields.
* Device Name (Mandatory Field): Assign a unique, descriptive name to easily identify the device.
* User Email (Mandatory Field): Enter the email address associated with the device user. The QR Code will be emailed to this user.
* Device Profile (Mandatory field): Select the appropriate device profile to apply network policies and configurations (previously known as Device Groups). (Refer to the updated Device Profiles documentation.)
* Authorized Sites (Mandatory Field): Select the sites where devices should be authorized from the dropdown list. There are three possible selections for a user to make -
All sites in org: When the user selects this option, activation applies to all current sites (and by extension, all Edge Clusters) any future sites or edge clusters that the customer may add to the organization.
Note: Please do not select this option if the user does not want the device activated in future sites/edge clusters.Specific Sites: This option allows the user to select targeted sites for activation.
Note: If the user wants the device activated in all future sites, select the Select all option in Specific Sites.None: If the user selects None, the activation workflow cannot be completed.
Note: Please note that if “None“ is selected for an activated device, the device will be deactivated.
* PLMN ID (Mandatory Field): Enter the Public Land Mobile Network ID (PLMN) to specify the network identifier.
315010 (US)
999503 (Non-US)
Static IP: Assign a static IP if needed to ensure a consistent address for the device.
SIM Lock: Enable or disable SIM Lock to restrict the device’s SIM usage. Enabling SIM Lock can either lock to a specific IMEI or automatically lock to the first device it connects with.
Activating eSIMs via QR Code (via APIs)
API Endpoint:
/v1/api/rsp/esims/qrcode/provision
This API accepts a CSV file containing device information similar to the format mentioned in the above section.
API Request:
curl --location 'https://testdevice-cso.celonanetworks.com/v1/api/rsp/esims/qrcode/provision?customer_id=' \ --header 'X-API-Key: $2y$10$xCCWHslkfThCrVV7j90m' \ --form 'esimDetails=@"ERK94CV6t/bulk-activate-esim-via-qrcode.csv"'
Note that the API call with CSV is asynchronous. A “success” simply means that the request was accepted, but for many devices it may take some time to process.
Activating eSIMs via MDM
Celona has an integration capability with generally any MDM platform to manage Celona eSIMs for fleets of enterprise devices. The following section describes the workflow on how an enterprise can onboard supported MDM devices with Celona eSIMs.
High-level Flow
The only input required to execute the flow is the list of device EIDs (Embedded Identity Document) downloaded from the MDM system and a CSV of device information in the template mentioned below. Users can then proceed to activate eSIMs via the Celona Orchestrator UI or APIs.
The user or MDM administrator first needs to configure SM-DP+ URL https://sm-v4-072-d-gtm.pr.go-esim.com
in the MDM system. The user then needs to activate eSIMs via the API or UI workflows mentioned below. Once the activation flow is executed, the Orchestrator will update the mapping between device EIDs and device names and push configuration onto the Celona Edge and Celona SM-DP+ service.
The eSIM will get activated, the device will get authorized to enroll via eSIM using credentials, identifier and SM-DP+ URL given to the device. The device will then communicate with the SM-DP+ service for registration and authentication / authorization for connectivity.
MDM Configuration
In the MDM, the Customer needs to manage for each device, the attributes mentioned in the template below. This needs to be done by configuring the SM-DP+ URL
https://sm-v4-072-d-gtm.pr.go-esim.com
in the MDM system.Once the device is powered up and has its' MDM profile updated, it will automatically connect to the Celona SM-DP+ server to authenticate the eSIM to the device.
After onboarding, the customer is expected to activate the eSIMs via the UI or API workflows detailed below. On the device itself, especially for Apple devices, the customer will have to manage setting cellular priority, per app settings, etc. More details on the Device Group management are available in this article.
The SM-DP+ URL should be pushed to each device from within the MDM.
JAMF MDM Profile on Apple iPhone 11 SE
eSIM Activation via MDM (via Orchestrator UI)
Starting with Celona Orchestrator version 2406.1, users will be able to activate eSIMs via MDM directly from the Orchestrator UI.
To Activate the eSIMs via MDM:
Navigate to the SIMs & Devices.
Select the Config tab at the top of the page to view your full device inventory.
Click the Activate button on the eSIMs card.
Click Activate eSIMS via MDM tab. You can also do bulk activation or single activation here.
To activate bulk, click BULK and upload a CSV file. Click the DOWNLOAD TEMPLATE button for an example template of the CSV file.
Fill out the details on the template as mentioned below, and upload the CSV file by clicking choose file.
The first row will specify the names of the attributes to be updated, do not modify this.
The attribute names are case-sensitive
The attribute names can be in any order
A cell should be left blank if that field should not be updated
A cell value having double quotes ("") is treated as empty value and that field will not be updated
Attributes/Cells:
EID: Enter the device’s Embedded Identity Document (EID) for secure identification (mandatory attribute)
Device Name
:
Name of the device (optional attribute)Device Profile
:
Name of the device profile (formerly, device group) the device belongs to. Specify 'default' (all lowercase, no quotes) for the default device profile.Cluster Auth Type
: one of the following values:ALL
: if you want to authorize access across all clusters for the deviceLIST
: if you want to authorize access to a specific list of clusters for the device
Clusters
: a pipe-separated (|
) list of edge-cluster IDs. For example:ec-id1|ec-id2
. Must be specified only ifauthorized_edge_clusters_type
isLIST
.PlmnId
: Please enter 315010 for US and 999503 for the rest of the world.Static IP Address
: Please enter a static IP address for the device if needed (optional attribute)Please note that SIM Lock is automatically enabled when activating eSIMs via MDM.
To activate a single eSIM, click the SINGLE button and enter the device details in the mandatory fields.
* Device Name (Mandatory Field): Assign a unique identifier for easy recognition within your inventory.
* Device EID (Mandatory Field): Enter the device’s Embedded Identity Document (EID) for secure identification.
* Device Profile (Mandatory Field): To apply the necessary configurations and policies, choose a device profile.
* Authorized Sites (Mandatory Field): Select the sites where devices should be authorized from the dropdown list. There are three possible selections for a user to make -
All sites in org: When the user selects this option, activation applies to all current sites (and by extension, all Edge Clusters) any future sites or edge clusters that the customer may add to the organization.
Note: Please do not select this option if the user does not want the device activated in future sites/edge clusters.Specific Sites: This option allows the user to select targeted sites for activation.
Note: If the user wants the device activated in all future sites, select the Select all option in Specific Sites.None: If the user selects None, the activation workflow cannot be completed.
Note: Please note that if “None“ is selected for an activated device, the device will be deactivated.
* PLMN ID (Mandatory Field): Enter the Public Land Mobile Network ID (PLMN) to specify the network identifier.
315010 (US)
999503 (Non-US)
Static IP : Assign a static IP if needed to ensure a consistent address for the device.
SIM Lock: Enabled by default, locking the eSIM to the device to ensure secure access.
Note: eSIMs onboarded via MDM will have SIM Lock enabled by default unlike physical SIM cards or eSIMs activated via QR Code. This lock cannot be disabled, ensuring that the eSIM is tied to a specific device and reducing the risk of unauthorized access.
eSIM Activation via MDM (via APIs)
API Endpoint:
/v1/api/rsp/esims/mdm/provision
This API accepts a CSV file containing device information similar to the format mentioned in the above section.
API Request:
curl --location 'https://testdevice-cso.celonanetworks.com/v1/api/rsp/esims/mdm/provision' \ --header 'X-API-Key: $2y$10$xCCWHslkfThCrVV7j90mc' \ --form 'output_filename=@"/Users/ajohn/Downloads/esims_mdm.csv"'
Note that the API call with CSV is asynchronous. A “success” simply means that the request was accepted, but for many devices it may take some time to process.
Celona eSIM activated on Apple iPhone 11 SE, as “Personal”. The name of the cellular network can be updated to a custom value, for example “Celona”.
Please reach out to support@celona.io in case of any additional questions.
Deactivate a Device
There are three ways to deactivate the device:
Select devices using the checkboxes in the first column, and click the “Deactivate” button above the table.
OR
Click the kebab-menu at the end of the row, and choose “Deactivate” from the menu.
OR
Click the Edit (pencil) icon in the table header, update “Authorized Sites” to “None” for the devices to be deactivated, and click “Update.”
Reactivate a Device
There are three ways to reactivate a device:
Select devices using the checkboxes in the first column, and click the “Reactivate” button above the table.
ORClick the kebab-menu at the end of the row, and choose “Reactivate” from the menu.
ORClick the Edit (pencil) icon in the table header, update “Authorized Sites” for the devices to be reactivated, and click “Update.”