ELA: Secure, Lightweight, and Zero-Touch Enrollment for IoT Devices

Geovane Fedrecheski, Göran Selander, Thomas Watteyne, Mališa Vučinić

International Conference on Distributed Computing in Smart Systems and the Internet of Things (IEEE DCOSS-IoT), Lucca, Italy, 9-11 June 2025

Abstract: When deploying large numbers of IoT devices, an enrollment protocol takes care of admitting each device into its target network for the first time. The protocol must be secure to block malicious actors, easy to operate to reduce cost, and lightweight due to bandwidth constraints. Solutions in the literature either involve the use of pre-shared keys, require per-device user input, or have been designed for non-constrained environments. This paper introduces EDHOC with Lightweight Authorization (ELA), a protocol for securely authorizing enrollment of devices in constrained networks with support for zero-touch deployments. We define ELA as an extension to Ephemeral Diffie-Hellman Over COSE (EDHOC), a key exchange protocol with extremely low message footprint. We evaluate ELA on DotBot, a platform for research in swarm micro-robotics. We find that enrolling a DotBot with ELA takes 2.52 s and consumes 39.31 mC. When compared to a baseline EDHOC version, flash and RAM have an overhead of 10.67% and 22.63%, respectively, and message footprint increases by only 49 B. ELA is being standardized in the Internet Engineering Task Force (IETF).