24.5 Setting up a credential profile to use to issue device identities
Before you can request a device identity, you must set up at least one credential profile to use for issuing device identities.
To set up a credential profile:
- From the Configuration category, select Credential Profiles.
- Click New.
- In the Card Encoding section, select Device Identity (Only).
- Type a Name and Description for the credential profile.
- Click Issuance Settings.
-
Select the following options:
- Validate Issuance – select this option if you want to ensure that all device identity requests are approved before the device identity can be collected.
- Validate Cancellation – select this option if you want to ensure that all device identity cancellation are approved before the device identity is canceled.
- Require Challenge –You can choose whether to display the one-time challenge code on screen or send an email message containing the challenge code. See section 24.8, Requesting a device identity for details.
Note: Do not select the Require user data to be approved option. The device identity is issued to a device, not a user, and therefore cannot have the user data approved flag set.
- Click Next.
-
Select the certificate you want to issue to the device.
Note: Do not select a certificate policy that has the Automatic Renewal option set in the Certificate Authorities workflow – device identities do not support automatic renewals. If you need to renew a device identity, you must request a new identity for the device.
Note: You must not select any certificates policies that are marked as archived; you cannot issue device identities with archived certificates. If you attempt to collect a device identity using a credential profile that has an archived certificate, the collection will fail.
- Click Next and complete the workflow.