To complete these steps, make sure you have:
- A division created in DigiCert® Device Trust Manager. Each device group must be assigned to a division.
- An existing certificate management policy configured to support device registration and management.
- A user account with the Solution Administrator role. This is required to create and manage device groups.
Sign in to DigiCert® ONE as a Solution Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Device management > Device groups.
Select Create device group.
On the Settings step:
Enter a Device group name that reflects the organizational structure or purpose.
Optionally, provide a Description.
Select the Division from the dropdown list.
Optionally, select users to notify about device registration. The notified users receive an email with a link.
Optionally, add Tags to assist in searching and organizing device groups. These tags display in the device groups table.
Select up to three Inventory attributes that uniquely identify the devices in the group. For example, MAC address, Serial number, and CPU ID.
Note
What are these used for? These selected attributes are used to create an identity attribute for a device. This identity attribute of the device must be unique across your fleet to ensure reliable device identification and management. See Attributes to learn more.
Optionally, add any Custom inventory attribute. You can create your own inventory attributes by adding a key and configuring the values through the attributes.json file on the device.
Optionally, add any Desired Attributes for metadata that will be applied across all devices in the group. For example, a key of EnvKey with a value of Production.
On the Certificate management policy assignment step:
Select Assign certificate management policy to open the Assign Certificate Management Policy pane.
Select a Policy usage:
Bootstrap: Defines how to issue and manage an initial/birth certificate.
Operational (optional): This policy type issues and manages short-lived X.509 certificates for device-service communication. These certificates have a short lifespan, can be revoked, and are obtained using a bootstrap credential.
Enter the Name of the policy assignment.
From the Assign Certificate management policy dropdown list, choose a certificate management policy.
Expand the Device field mapping and map the inventory attributes (selected in the previous step) to certificate fields.
Important
If a certificate management policy uses EST, SCEP, or CMPv2 as the management method, then device field mapping is required.
For bootstrap certificate management policies, field mapping provides the values for identity attributes, which are obtained during certificate requests.
For operational certificate management policies, field mapping provides device identification using the CSR during the certificate issuance request process.
Optionally, choose an Authentication policy to assign to the device group.
Note
If the certificate management policy already specifies an authentication policy, that policy is applied by default. Selecting a different authentication policy in this setting will override the default configuration.
Click Assign certificate management policy.
Select Create device group.
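The Settings step requires that the selected inventory attributes identify each device uniquely across the fleet. The following is an added example, not DigiCert code: a pre-registration check that runs over an inventory export and reports devices that would collide on the chosen attributes or that lack a value for one of them. The CSV column names, the sample rows, and the normalization rules (case-insensitive comparison, MAC separators ignored) are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory export; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
device_name,mac_address,serial_number,cpu_id
gw-01,00:1A:2B:3C:4D:5E,SN1001,CPU-A1
gw-02,00-1a-2b-3c-4d-5e,SN1001,cpu-a1
gw-03,00:1A:2B:3C:4D:5F,SN1003,CPU-A3
gw-04,00:1A:2B:3C:4D:60,,CPU-A4
"""

MAX_ATTRIBUTES = 3  # a device group accepts up to three inventory attributes


def normalize(attribute, value):
    """Canonicalize a value so formatting differences cannot hide a duplicate."""
    value = value.strip().upper()
    if attribute == "mac_address":
        value = value.replace(":", "").replace("-", "").replace(".", "")
    return value


def check_identity_uniqueness(inventory_csv, attributes):
    """Return (duplicates, incomplete): colliding identities and devices with gaps."""
    if not 1 <= len(attributes) <= MAX_ATTRIBUTES:
        raise ValueError("select between one and three inventory attributes")
    seen = defaultdict(list)   # identity tuple -> device names that carry it
    incomplete = []            # devices missing a value for a chosen attribute
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        values = tuple(normalize(a, row.get(a) or "") for a in attributes)
        if not all(values):
            incomplete.append(row["device_name"])
            continue
        seen[values].append(row["device_name"])
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return duplicates, incomplete


if __name__ == "__main__":
    dups, missing = check_identity_uniqueness(
        SAMPLE_INVENTORY, ["mac_address", "serial_number", "cpu_id"])
    for identity, names in dups.items():
        print("duplicate identity", identity, "->", names)
    print("missing attribute values:", missing)
```

Run the check against the same attributes you plan to select in the device group, and resolve every reported device before mapping those attributes to certificate fields.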