Device onboarding to nRF Cloud
This page explains the different methods of device onboarding, meaning connecting a device to nRF Cloud and registering its device certificate. This allows the device to use the nRF Cloud MQTT APIs through the IoT broker, or to connect to nRF Cloud through CoAP.
The process of connecting a device to nRF Cloud is referred to here as onboarding to separate it from secure provisioning through nRF Cloud Security Services.
For nRF91x1 devices, you can auto-onboard a device when you claim it. For other devices, including the nRF9160, you can onboard to nRF Cloud using preconnect onboarding.
Overview of methods
nRF Cloud offers several ways to onboard devices, covering both static credential creation in the manufacturing phase and remote provisioning at runtime. The following table lists the onboarding options supported by nRF Cloud.
| Onboarding process | Description | Services enabled |
|---|---|---|
| Provisioning Service: Claim | Use the device's secure identity to claim ownership, enabling secure remote provisioning of the device to any cloud and lifecycle security asset management. | Provisioning Service |
| Provisioning Service: Claim and auto-onboard | Use the device's secure identity to claim ownership, enabling secure remote provisioning, and auto-onboard the device to the rest of nRF Cloud services. | Provisioning Service, Device Management, Location Services |
| nRF Cloud: Preconnect onboarding (certificate-based) | Onboard the device with a self-signed device certificate to nRF Cloud services. | Device Management, Location Services |
| nRF Cloud: Preconnect onboarding (public key-based) | Use the device's trusted firmware to create keys, then onboard the device with its public key to nRF Cloud services. | Device Management, Location Services |
| Pre-provisioned DK and Thingy devices | For development only. Nordic Semiconductor DK and Thingy devices are pre-provisioned in the device manufacturing phase. The device is set up to connect to nRF Cloud but is not yet associated with your team. The user associates the device using its IMEI and PIN. | Device Management, Location Services |
Auto-onboarding
For nRF91x1 devices that are compatible with nRF Cloud Security Services, you can choose to auto-onboard devices during the claiming process. This means that the necessary credentials are provisioned to the device remotely, and you do not need to manually add devices to nRF Cloud as a separate step.
Auto-onboarding uses the secure identity of a device and the Provisioning Service to create a separate cloud access key on the device. Auto-onboarding during device claiming is currently supported for individual and bulk claimed devices in the nRF Cloud portal.
To claim and onboard multiple devices, you can create a provisioning rule during bulk claiming through the nRF Cloud portal. nRF Cloud adds these devices to a provisioning group targeted by the provisioning rule. You can also manage provisioning rules and groups manually.
See the guide to claiming devices.
Preconnect onboarding
For devices that cannot use the Provisioning Service, you can use the OnboardDevices endpoint to onboard them. This allows you to onboard the devices in bulk and add them to your team before they connect for the first time.
This method uses either a device certificate or public key. Device certificates are created using your own CA certificate. See Securely generating credentials for nRF91 Series devices for more information on creating and injecting device certificates.