Issue a Device

  1. Connect the device you want to issue and click on Add Device:

    My Devices page displaying a device in the Active state with the Add Device button outlined in red in the top right corner

  2. Checks are performed to verify that the ActivID CMS Web Browser extension and HID CMS Client are installed; refer to Troubleshooting below if these checks are not successful.

  3. A check is then performed to detect your device:

    Add Device dialog box during Check Device step with a Cancel button in the bottom right corner

    Note: This check searches only for available and compatible devices (for example, a device that is not yet issued).

    If your device is detected, the next step begins automatically.

    Important:
    • If no device is detected, you are prompted to connect your device and click Refresh:
      Add Device dialog box during Check Device step displaying instructions for when no compatible device is detected, with a Refresh button in the top right corner outlined in red and with a Cancel button in the bottom right corner
      Once your device is detected, issuance is started automatically.

    • If more than one device is detected, you must select the device you want to issue, and click Next:

      Add Device dialog box during Check Device step with one device selected among two devices displayed, with a Refresh button in the top right corner and with a Cancel button and a Next button in the bottom right corner

  4. The device is issued:

    Add Device dialog box during Issue Device step with Device Issuance in progress

    Important: During the issuance, the following message may be displayed:
    Add Device dialog box during Issue Device step displaying message about device registration while Device Issuance is in progress
    You should follow the instructions in the dialog boxes that are displayed. If you do not complete this process, the issuance will fail. (For details, see Particularities Concerning FIDO Applications).
    Note: Refer to Troubleshooting below if the issuance fails.
  5. After the device is issued, you are prompted to change the PIN:

    Add Device dialog box during Change PIN step showing empty New PIN field selected, with a Cancel button in the bottom right corner

    Important: If you do not change the PIN, your device is not activated and is shown on your My Devices page as Pending status. You cannot activate or use this device until it has been activated by an operator using the Operator Portal.
    Note: When the device is activated by the operator, it will still have its initial PIN.
  6. Enter and confirm your new PIN, then click Next. The device is then activated:

    Add Device dialog box during Change PIN step showing device activation in progress

    After your device is activated, the Add Device dialog box closes automatically. Your My Devices page now displays details about the newly issued device:

    My Devices page displaying two devices in the Active state with the Add Device button in the top right corner

Troubleshooting

  • If the ActivID CMS Web Browser extension is not detected, you are prompted to install it:

    Add Device dialog box during Check Browser step when ActivID CMS extension is not installed displaying instructions on how to install it, with a Cancel button and a Next button in the bottom right corner

  • If the HID CMS Client is not installed, or the version installed is outdated, you are prompted to install it:

    Add Device dialog box during Check Client step when client software is not installed displaying instructions on how to install it, with a Cancel button and a Next button in the bottom right corner

    Add Device dialog box during Check Client step when client software is outdated displaying instructions on how to install the latest version, with a Cancel button and a Next button in the bottom right corner

  • If the issuance fails, a dialog box appears:

    Add Device dialog box during Check Client step when device issuance fails displaying a Show Details link, with a Cancel button and a Retry button in the bottom right corner

    • Clicking on Show Details displays information concerning the error encountered:

      Add Device dialog box during Check Client step when device issuance fails and Show Details has been clicked, with a Cancel button and a Retry button in the bottom right corner

      Note: You can click the Copy icon to copy the error information.
    • Clicking Retry starts the issuance again using the same device with the same policy. Do not remove the device from the reader.

    • Clicking Cancel closes the Add Device dialog and stops the issuance.

      Note: After a failed issuance, even if you choose neither Retry nor Cancel (for example, you close the dialog box or browser, or log out), the device can still be recycled.

Particularities Concerning FIDO Applications

If your device contains a FIDO application that uses an Entra ID passkey-enabled service, you will be prompted by Microsoft Windows to register the passkey. You will enter or set your FIDO application PIN during the passkey registration with Entra ID. This takes place during the issuance of your device (before setting the device PIN).

Note: The FIDO application PIN may be either independent from, or shared with, the PIN that protects the other credentials (PKI, etc.) — in other words, the “device PIN”.

Depending on your device and its configuration:

  • If the FIDO application PIN is not shared, you are prompted to set your FIDO application PIN. This PIN can be the same as the device PIN you provide to HID CMS at the end of the issuance.

    Note: You may choose to have different PINs; just remember to use the right PIN in the right context: the FIDO application PIN for passkey authentication with Entra ID, and the device PIN for all the other HID CMS scenarios.
  • If the FIDO application PIN is shared, HID CMS displays a temporary PIN that you must use to register your passkey with Entra ID.

    Note: This temporary PIN is automatically copied to the clipboard and you just need to paste it (using Ctrl+V) when prompted by the Microsoft Windows passkey registration pop-ups. You do not need to remember this temporary PIN.

    At the end of the issuance, HID CMS asks you to enter your definitive device PIN. This same PIN will also be used for passkey authentication with Entra ID.