Part 3: Set up device management
Establishing device groups and registering devices in DigiCert® Device Trust Manager allow you to effectively organize, manage, and secure device fleets. This guide walks you through creating device groups to organize devices and registering a single device or, if needed, many devices.
Objectives
Create a device group to organize devices based on criteria such as location or function.
Register devices in Device Trust Manager to enable management, monitoring, and updates.
Before you begin
Completed all steps in Part 2: Configure Device Trust Manager to prepare your account for device management.
Reviewed the following concepts: Device group and Registration.
A user account with the Solution Administrator or Device Creator role.
Note
Device management is available in the Advanced plan or higher. See Licensing and plans.
Step 1: Create a device group
Device groups allow you to organize devices based on criteria such as deployment needs or functional requirements. Every device must belong to a device group to support certificate policies, updates, and structured management.
Sign in to DigiCert® ONE as a Solution Administrator or Device Creator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Device management > Device groups.
Select Create device group.
On the Settings step:
Enter a Device group name that reflects the organizational structure or purpose.
Select the Division for the device group.
Optionally, add Labels to assist in searching and organizing device groups.
Select up to three Inventory attributes that uniquely identify the devices in the group. For example, MAC address, Serial number, and CPU ID.
Optionally, add any Desired Attributes for metadata that will be applied across all devices in the group. For example, a key of EnvKey with a value of Production.
On the Certificate management policy assignment step:
Select Assign certificate management policy to open the Assign Certificate Management Policy pane.
Under Policy usage, select Bootstrap.
Enter the Name of the policy assignment.
From the Assign Certificate management policy dropdown, choose the certificate management policy created in Part 2: Configure Device Trust Manager.
Expand Device field mapping and map the inventory attributes (selected in the previous step) to certificate fields.
Optionally, choose an Authentication policy to assign to the device group.
Select Assign certificate management policy.
Select Create device group to create the device group.
Step 2: Register a single device
Registering a device in Device Trust Manager enables secure management and monitoring throughout the device's lifecycle. By creating a device record, Device Trust Manager can apply policies, deploy updates, and track device status.
Note
In the Advanced plan or higher, devices must be registered to enable platform management. In the Essentials plan, device registration is not required; only device certificates are issued, and no device record is created.
In the Device Trust Manager menu, select Device management.
Select Register devices > Register single device.
On the Device information step:
Enter a Device name and, optionally, a description.
Choose which Device group the registered device will be assigned to.
Select Next.
On the Certificate management policies step:
Expand the Bootstrap certificate management policy for the device.
For the Bootstrap certificate management policy, choose the certificate management policy created in Part 2: Configure Device Trust Manager.
Select Who generates the keypairs and, if required, upload the necessary files.
Under Certificate variables:
Enter the Common name for the certificate.
Modify additional fields as needed.
Select Register device. If you selected DigiCert ONE to generate the keypairs, download the device’s private key and save it securely.
Important
Do not select an Operational certificate management policy at this stage, as operational certificates are managed through the TrustEdge agent.
The device will appear in the devices table with a Device state of Registered and a Connection status of Not connected.
Tip
For large-scale device onboarding, use batch registration to register multiple devices at once by uploading a CSV file.
Review your progress
After completing these steps, your Device Trust Manager setup should include:
Organized device groups for structured management.
Registered devices to prepare for management and updates.
What’s next?
Continue to Part 4: Connect a Linux device to manage the device with Device Trust Manager.