Create a device group

To complete these steps, make sure you have:

  • A division created in DigiCert® Device Trust Manager. Each device group must be assigned to a division.

  • An existing certificate management policy configured to support device registration and management.

  • A user account with the Solution Administrator role. This is required to create and manage device groups.

  1. Sign in to DigiCert® ONE as a Solution Administrator.

  2. In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.

  3. In the menu, select > .

  4. Select Create device group.

  5. On the Settings step:

    1. Enter a Device group name that reflects the organizational structure or purpose.

    2. Select the Division for the device group.

    3. Optionally, add Labels to assist in searching and organizing device groups. These tags display in the device groups table.

    4. Select up to three Inventory attributes that uniquely identify the devices in the group. For example, MAC address, Serial number, and CPU ID.

      Note

      What are these used for? These selected attributes are used to create a device's identity attribute. A device's identity attribute must be unique across your fleet to ensure reliable device identification and management. See Attributes to learn more.

    5. Optionally, add any Desired Attributes for metadata that will be applied across all devices in the group. For example, a key of EnvKey with a value of Production.

  6. On the Certificate management policy assignment step:

    1. Select Assign certificate management policy to open the Assign Certificate Management Policy pane.

    2. Select a Policy usage:

      • Bootstrap: defines how to issue and manage an initial/birth certificate.

      • Operational (optional): This policy type issues and manages short-lived X.509 certificates for device-service communication. These certificates have a short lifespan, can be revoked, and are obtained using a bootstrap credential.

    3. Enter the Name of the policy assignment.

    4. From the Assign Certificate management policy dropdown, choose a certificate management policy.

    5. Expand Device field mapping and map the inventory attributes (selected in the previous step) to certificate fields.

      Important

      If a certificate management policy uses EST, SCEP, or CMPv2 as the management method, then device field mapping is required.

      • For bootstrap certificate management policies, field mapping provides the values for identity attributes, which are obtained during certificate requests.

      • For operational certificate management policies, field mapping provides device identification using the CSR during the certificate issuance request process.

    6. Optionally, choose an Authentication policy to assign to the device group.

    7. Select Assign certificate management policy.

      Tip

      You can assign multiple certificate management policies to a device group. For example, one for a bootstrap and another for an operational policy. To assign another policy, repeat the above steps (3.a to 3.g).

    8. Select Create device group to create the device group.
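
The uniqueness requirement on the selected inventory attributes can be checked against a fleet inventory before the device group is created. The following is an added example, not DigiCert code: the attribute names, the sample records, and the treatment of the identity as the tuple of selected values are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

MAX_ATTRIBUTES = 3  # the Settings step allows up to three inventory attributes

# Constructed sample inventory; attribute names and tuple-based identity are assumptions.
FLEET = [
    {"mac_address": "00:1A:2B:3C:4D:01", "serial_number": "SN-1001", "cpu_id": "CPU-A"},
    {"mac_address": "00:1a:2b:3c:4d:01", "serial_number": "SN-1002", "cpu_id": "CPU-A"},  # cloned MAC
    {"mac_address": "00:1A:2B:3C:4D:03", "serial_number": "SN-1002", "cpu_id": "CPU-B"},  # reused serial
    {"mac_address": "00:1A:2B:3C:4D:04", "serial_number": "SN-1004", "cpu_id": ""},       # missing CPU ID
]


def normalize(value):
    """Fold case and whitespace so 'AA:BB' and 'aa:bb' count as the same value."""
    return (value or "").strip().lower()


def collisions(devices, attributes):
    """Return {identity tuple: [device indexes]} for identities shared by several devices."""
    if not 1 <= len(attributes) <= MAX_ATTRIBUTES:
        raise ValueError("choose between one and three attributes")
    seen = defaultdict(list)
    for index, device in enumerate(devices):
        identity = tuple(normalize(device.get(name)) for name in attributes)
        seen[identity].append(index)
    return {identity: idx for identity, idx in seen.items() if len(idx) > 1}


def missing(devices, attributes):
    """Return indexes of devices that lack a value for any chosen attribute."""
    return [i for i, d in enumerate(devices)
            if any(not normalize(d.get(name)) for name in attributes)]


def unique_combinations(devices, candidates):
    """List every combination of up to three attributes that is unique and fully populated."""
    return [combo
            for size in range(1, MAX_ATTRIBUTES + 1)
            for combo in combinations(candidates, size)
            if not collisions(devices, combo) and not missing(devices, combo)]


if __name__ == "__main__":
    names = ["mac_address", "serial_number", "cpu_id"]
    for combo in unique_combinations(FLEET, names):
        print("usable:", ", ".join(combo))
    print("MAC collisions:", collisions(FLEET, ["mac_address"]))
```

In the sample data no single attribute is unique, and any combination that includes the CPU ID fails because one device has no value for it, so only MAC address plus serial number qualifies.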