Managing claimed devices using the nRF Cloud portal

This page explains how to create provisioning groups and claim devices using the nRF Cloud portal. See Managing claimed devices using the APIs if you want to use the APIs instead.

Prerequisites

Complete these steps before claiming your device:

• Program the device with a sample compatible with nRF Cloud Security Services, such as the Multi-service sample configured for your desired protocol.
• Create an nRF Cloud account.

Requirements

• nRF91x1 device.
• Modem firmware v2.0.0 or later.
• Serial Terminal app.

Claiming devices

This section explains how to claim a device, with the option to auto-onboard one or more devices.

To claim a device, you must first generate an attestation token:

1. Open Serial Terminal.

2. Connect your device over USB and turn it on.

3. Select your device in Serial Terminal to connect to it.

4. Enter the AT%ATTESTTOKENcommand to generate an identity attestation token.

   • If you are using the Multi-service sample, you may need to format AT commands with an additional at prefix (with a space): for example, at AT%ATTESTTOKEN.

5. Copy the content of the response between the quotation marks.

   • For bulk claiming, repeat these steps for each device, storing the tokens in a CSV file.

6. Log in to the nRF Cloud portal.

7. Select Security Services in the left sidebar.

   A panel opens to the right.

8. Select Claimed Devices.

9. Click the Claim Device button.

   A pop-up opens.

10. Select either Single or Bulk, depending on the number of devices:

Single device

To claim a single device, with optional auto-onboarding:

1. Copy and paste the identity attestation token into the Claim token text box.
2. Enter the name of an existing provisioning rule, or create a new rule to auto-onboard the device during the claiming process as follows:

   1. Click the toggle to create a new rule.

   2. Enter a rule name (must be unique).

   3. (Optional) Click Additional Configuration to show more options:

      • Specify the security tag (if different than the default).

      • Choose which certificates you want to provision to the device, depending on your firmware configuration and protocol:

        • All: (Recommended) Certificates for REST, MQTT, and CoAP.
        • AWS: Required certificates for REST and MQTT only.
        • CoAP: Required certificate for CoAP only.
        • None: Do not provision any certificates.

      • (Optional) Select a device management group.

      • (Optional) Specify supported firmware types. This depends on your application configuration.

      • (Optional) Specify device subtype.

   4. Click Claim Device.

The device is now claimed, and an entry appears on the Claimed Devices page. If you created an auto-onboarding rule, nRF Cloud adds the device to the corresponding provisioning group. You can use this group later to add more devices.

note

Auto-onboarding rules that you create during device claiming are immediately activated. You cannot edit the rule or commands for an activated rule.

nRF Cloud generates provisioning commands to handle key and certificate generation for onboarding. If you chose to auto-onboard the device, see Verifying auto-onboarding.

Bulk

To claim multiple devices, with optional auto-onboarding:

1. Drag and drop a CSV file containing the required information.
2. Either specify a provisioning group for an existing rule, or click the toggle to create a new auto-onboarding rule:

   1. Click the toggle to create a new rule.

   2. Enter a rule name (must be unique).

   3. (Optional) Click Additional Configuration for more options:

      • Specify the security tag (if different than the default).

      • Choose which certificates you want to provision to the device, depending on your firmware configuration and protocol:

        • All: (Recommended) Certificates for REST, MQTT, and CoAP.
        • AWS: Required certificates for REST and MQTT only.
        • CoAP: Required certificate for CoAP only.
        • None: Do not provision any certificates.

      • (Optional) Select a device management group.

      • (Optional) Specify supported firmware types. This depends on your application configuration.

      • (Optional) Specify device subtype.

   4. Click Claim Devices.

The devices are now claimed, and entries for them appear on the Claimed Devices page. If you created an auto-onboarding rule, nRF Cloud adds the devices to the corresponding provisioning group.

nRF Cloud generates provisioning commands to handle key and certificate generation for onboarding. If you chose to auto-onboard your devices, see Verifying auto-onboarding.

note

If you chose not auto-onboard your devices while claiming and need to create a configuration or rule manually, see the following pages:

• Define a single-device provisioning configuration.
• Manually create provisioning rules that apply to multiple devices.

Verifying auto-onboarding

If you chose to auto-onboard during the claiming process, do the following to verify that the device has onboarded:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Click the ID or name of the claimed device.

5. Verify that the device's status is PROVISIONED and the status of each command under the Provisioning Configuration card is Succeeded.

   • If the device or command status is PENDING, open Serial Terminal, connect the device, and ensure that the device has successfully connected to the Provisioning Service and received commands. The interval between checks depends on application configuration.
   • If the device's status is ERROR and any of the commands have failed, see Troubleshooting.

6. Select Device Management from the left sidebar.

   A panel opens to the right.

7. Select Devices.

8. Verify that the new device appears on the Devices page.

You can still perform other operations using provisioning rules after onboarding the device.

Provisioning groups

You do not need to create a provisioning group manually if you created a rule while auto-onboarding one or more devices.

Create and manage your groups manually if your devices need to process more than one rule, or if your rule will contain commands not included at claiming.

note

Provisioning groups and tags are separate from device groups and tags in the rest of nRF Cloud.

Click the following tabs for more information on each operation.

Viewing

To view existing provisioning groups:

1. Log in to the nRF Cloud portal.

2. Select Security Services in the left sidebar.

   A panel opens to the right.

3. Select Provisioning Groups.

   The Provisioning Groups page opens.

Adding

To add a new provisioning group:

1. Click the Add group button.

   A pop-up opens.

2. Enter the group name and optional description.

3. Click Add group.

The new provisioning group is added. You can add devices to groups when you claim them.

Editing

To edit a provisioning group:

1. From the Provisioning Groups page, find the desired group.
2. Click the gear icon at the end of the row for that group.
3. Select Edit to change the group's name or description.
4. Click Submit.

Deleting

To delete a provisioning group:

1. From the Provisioning Groups page, find the desired group.
2. Click the gear icon at the end of the row for that group.
3. Select Delete.
4. Confirm that you want to delete the group.

Blocking and unblocking devices

Blocking a device prevents it from checking for and applying new provisioning configurations or rules. You maintain the claim on a blocked device and can unblock it at any time.

Blocking

You can block a single claimed device from its own page, or block multiple devices from the Claimed Devices overview.

Single device

To block a single device:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Click the ID or name of the claimed device.

5. Click Block.

   A pop-up opens.

6. Click OK.

The device is now blocked.

Multiple devices

To block multiple devices:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Select the checkbox next to the devices you want to block.

5. Click Block.

   A pop-up opens asking for confirmation.

6. Click OK.

The devices are now blocked.

Unblocking

You can unblock a single claimed device from its own page, or unblock multiple devices from the Claimed Devices overview.

Single device

To unblock a device:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Click the ID or name of the claimed device.

5. Click Unblock.

The device is now unblocked.

Multiple devices

To block multiple devices:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Select the checkbox next to the devices you want to unblock.

5. Click Unblock.

The devices are now unblocked.

Unclaiming devices

You can unclaim a single claimed device from its own page, or unclaim multiple devices from the Claimed Devices overview.

Caution

Unclaiming a device means that another user or team can claim it and create a provisioning configuration for it. If you want to securely provision the device, you will need to claim it again.

Single device

To unclaim a single device:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Click the name or ID of the device you want to unclaim.

5. Click Unclaim.

   A pop-up opens asking for confirmation.

6. Click OK.

The device is now unclaimed, and can be claimed by another user or team.

Unclaiming a device does not delete it from nRF Cloud if the device is already onboarded. If you want to fully remove it from your team, you must also delete it.

Multiple devices

To unclaim multiple devices:

1. Log in to the nRF Cloud portal.

2. Select Security Services from the left sidebar.

   A panel opens to the right.

3. Select Claimed Devices.

4. Select the checkbox next to each device you want to unclaim.

5. Click Unclaim.

   A pop-up opens asking for confirmation.

6. Click OK.

The devices are now unclaimed, and can be claimed by another user or team.

Unclaiming devices does not delete them from nRF Cloud if they are already onboarded. If you want to fully remove unclaimed devices from your team, you must also delete them.