If you have the on-premise authentication manager with software tokens setup then the best approach in this case to force the new users to request software tokens using the self-service console which allows the new users to select which mobile type they would like to have the token provisioned on, in this case you'll have the device type information which you can distribute software token based on the token profile that you have.
If your users are not using self-service console, then you can simply distribute software tokens using AMBA tool but you should take into consideration that an Enterprise license is required in this case, mobile type need to be requested from your users manually.
I suggest you to use Binding ID to restrict using the software token distributed for a specific use by another devices.
