24.6 Adding devices

To add devices to MyID, you use the Add Devices workflow (in the Configuration category). You can add details manually or you can search an LDAP directory for a device if you are using an LDAP directory as your primary data source.

To enable use of the Add Devices workflow, you must set the Allow device management from the MyID user interface option to Yes. See section 30.2, Devices page (Operation Settings).

To search for a device in an LDAP directory, you must set the Allow LDAP Search for devices during Add Devices option to Yes. See section 30.3, LDAP page (Operation Settings).

Alternatively, you can use the Device Management API; see the Device Management API guide for details.

24.6.1 Adding devices manually

To add a device:

1. In the Configuration category, select the Add Devices workflow.

   You can also launch this workflow from the Device Identities section of the More category in the MyID Operator Client. See the Using Device Identities workflows section in the MyID Operator Client guide for details.

   If MyID is not configured to allow you to search the LDAP directory, the screen for manually adding devices is automatically displayed.

   Alternatively, click Manually Add.

   

2. Give the device a name and description to help identify it.

   When you add a device, make sure that the Device Name field will match one of the following in the SCEP request:

   • The DNSName in the Subject Alternative Name

   • The CN of the device's DN.
3. If you want it to be available, select Device Active.

4. You can optionally specify a DN for the device.

   MyID does not provide any validation of this DN. If you specify a value in this field, you must ensure that it is a valid DN; the value will be used in the issued device identity certificate. For example:

   CN=mydevicename,DC=mydomain,DC=local

   If you specify an invalid DN, you may see an error similar to the following:

   Failed to get size of DN

5. Model and OS are not currently supported.
6. Click Finish.

7. If you want to specify an owner for the device:

   1. Click Yes on the dialog.
   2. Use the Find Person screen to select the owner.

   If you specify an owner, the device can be managed only by the owner; for example, only the owner can cancel a device identity. In addition, the device owner is used as the target of the request device identity job.

24.6.2 Adding devices from an LDAP directory

To add a device from a directory:

1. From the Configuration category, select Add Devices.

1. Click the button next to the LDAP Group field .

1. If you want to search subgroups of the directory, select the Include Subgroups option.

1. Select the branch of the directory that contains the device you want to add.

1. Click Search.

If you need this search to return devices based on different criteria, contact customer support for assistance.

1. From the list, select the devices you want to add.

1. Click Finish to import all the devices.

Alternatively, click Edit Devices to specify whether each device is active as you import it. A separate screen is displayed for each device; select or deselect the Device Active option, then click one of the following:

• Import – import the currently-displayed device and move on to the next.

• Skip – do not import the currently-displayed device and move on to the next.

• Finish – import the currently-displayed device and all following devices. Devices you have already imported or skipped are not affected.

• Cancel – cancel the import. No devices are imported.

1. If you want to specify an owner for the devices:

• Click Yes on the dialog.

• Use the Find Person screen to select the owner.

If you specify an owner, the device can be managed only by the owner; for example, only the owner can cancel a device identity. In addition, the device owner is used as the target of the request device identity job.