Unlocking Devices

If a FIDO device PIN becomes locked, it is typically irrecoverable and normally requires a device reset, which results in the loss of all stored credentials.

However, using the Device Unlock service in Customer Central, you can unlock the PIN, allowing users to set a new PIN and continue using their existing credentials.

Prerequisites:  

  • You have a valid license for the Device Unlock service

    To purchase new licenses or renew existing ones, contact your HID Account Manager.

  • The user has a locked FIDO device with a blocked PIN

  • The help desk operator has access to Customer Central with the Device Unlock service enabled

    They must also have the Administrator or Device Service Administrator role, or at least the Unlock privilege.

Important: Before starting the procedure, you need to make the Device Unlock application available to users via your organization’s software distribution channel.
Note: This service is only supported for locked devices.

Passkey Management device not locked

Distribute the Device Unlock Application

Prerequisites: You have the Administrator or Device Service Administrator role, or at least the Downloads privilege

  1. Sign in to Customer Central.

  2. Select Downloads downloads icon in the left menu.

    Passkey Management downloads

  3. Click DOWNLOAD for the Device Unlock application.

  4. Make the application available to your users for download via your organization’s software distribution channel (for example, the approved unified endpoint management (UEM) tools).

    It is also recommended to provide installation and usage instructions.

User - Unlock Your Device

Prerequisites: You must have administrator rights to install and use the application on the workstation.

As a user, you can unlock your device in coordination with your help desk operator (or IT administrator).

  1. Download the Device Unlock application as instructed by your help desk.

  2. Double-click the .msix file to launch the setup.

    Passkey Management Install Device Unlock app

  3. Click Install.

    Passkey Management Device Unlock app ready

  4. Click Launch.

    Passkey Management Unlock device app

  5. Insert the locked FIDO device into the machine's USB port or place/insert the locked smart card into the reader.

    The application detects the device and displays the information.

    Passkey Management unlock device details

  6. Provide the Device ID displayed by the Device Unlock application to your help desk operator.

  7. Provide the Device Challenge code displayed by the Device Unlock application to your help desk operator.

  8. Enter the Response Code provided by your help desk operator.

  9. Enter and confirm a New PIN.

    The PIN must meet the following conditions:

    • Minimum length - 6 alphanumeric characters

    • Maximum length - 63 alphanumeric characters

  10. Click UNLOCK.

Help Desk - Unlock a Device for a User

Prerequisites: The user has installed the Device Unlock application.

  1. Sign in to Customer Central.

  2. Expand Passkey Management Passkey management icon in the left menu and select Unlock.

    Passkey management unlock service

  3. Search for the user.

    Alternatively, ask the user for the Device ID displayed by the Device Unlock application to locate the locked device.

    The list is dynamically updated with the corresponding device(s).

    Passkey management unlock service user

  4. Click UNLOCK.

    Passkey management unlock prompt

  5. Ask the user for the Device Challenge code displayed by the Device Unlock application:

    Note: The challenge must be 32 characters (alphanumeric).

    Passkey management unlock challenge

  6. Click GENERATE RESPONSE CODE.

    Passkey management unlock code

  7. Give the generated Response Code to the user and instruct them to enter it in the corresponding field.

  8. Instruct the user to set a New PIN and click UNLOCK.

  9. Click DONE when the device is successfully unlocked.