Unlocking Devices

If a FIDO device PIN becomes locked, it is typically irrecoverable and normally requires a device reset, which results in the loss of all stored credentials.

However, using the Device Unlock service in Customer Central, you can unlock the PIN, allowing users to set a new PIN and continue using their existing credentials.

Important: Before starting the procedure, you need to make the Device Unlock application available to users via your organization’s software distribution channel.
Note: This service is only supported for locked devices.

Device Management device not locked

Prerequisites:  

  • You have a valid license for the Device Unlock service

    To purchase new licenses or renew existing ones, contact your HID Account Manager.

  • The user has a locked FIDO device with a blocked PIN

  • The help desk operator has access to Customer Central with the Device Unlock service enabled

Distribute the Device Unlock Application

  1. Sign in to Customer Central.

  2. Select Device Management in the left menu.

  3. Select Downloads under FIDO Management.

    Device Management downloads

  4. Click DOWNLOAD for the Device Unlock application.

  5. Make the application available to your users for download via your organization’s software distribution channel (for example, the approved unified endpoint management (UEM) tools).

    It is also recommended to provide installation and usage instructions.

User - Unlock Your Device

Prerequisites: You must have administrator rights to install and use the application.

As a user, you can unlock your device in coordination with your help desk operator (or IT administrator).

  1. Download the Device Unlock application as instructed by your help desk.

  2. Double-click the .msix file to launch the setup.

    Device Management Install Device Unlock app

  3. Click Install.

    Device Management Device Unlock app ready

  4. Click Launch.

  5. Insert the locked FIDO device into the machine's USB port or place/insert the locked smart card into the reader.

    The application detects the device and displays the information.

  6. Provide the Device ID displayed by the Device Unlock application to your help desk operator.

  7. Provide the Device Challenge code displayed by the Device Unlock application to your help desk operator.

  8. Enter the Response Code provided by your help desk operator.

  9. Enter and confirm a New PIN.

    The PIN must meet the following conditions:

    • Minimum length - 6 alphanumeric characters

    • Maximum length - 63 alphanumeric characters

  10. Click UNLOCK.

Help Desk - Unlock a Device for a User

Prerequisites: The user has installed the Device Unlock application.

  1. Sign in to Customer Central.

  2. Select Device Management in the left menu.

  3. Select Devices under FIDO Management.

  4. Search for the user using the Provisioned To filter.

    Alternatively, ask the user for the Device ID displayed by the Device Unlock application to locate the locked device.

    The list is dynamically updated with the corresponding device(s).

  5. Click UNLOCK.

  6. Ask the user for the Device Challenge code displayed by the Device Unlock application:

    Note: The challenge must be 32 characters (alphanumeric).

  7. Click GENERATE RESPONSE CODE.

  8. Give the generated Response Code to the user and instruct them to enter it in the corresponding field.

  9. Instruct the user to set a New PIN and click UNLOCK.

  10. Click DONE when the device is successfully unlocked.