Issue Your Device

  1. Connect the device you want to issue and click on Add Device:

    My Devices page displaying a device in the Active state with the Add Device button outlined in red in the top right corner

  2. Checks are performed to verify that the ActivID CMS Web Browser extension and HID CMS Client are installed.

    Note: Refer to Troubleshooting if these checks are not successful.

  3. A check is then performed to detect your device:

    Add Device dialog box during Check Device step with a Cancel button in the bottom right corner

    Note: This check searches only for available and compatible devices (for example, a device that is not yet issued).

    If your device is detected, the next step begins automatically.

    Important:

    • If no device is detected, you are prompted to connect your device and hit Refresh:
      Add Device dialog box during Check Device step displaying instructions for when no compatible device is not detected, with a Refresh button in the top right corner outlined in red and with a Cancel button in the bottom right corner
      Once your device is detected, issuance is started automatically.

    • If more than one device is detected, you must select the device you want to issue, and click Next:

      Add Device dialog box during Check Device step with one device selected among two devices displayed, with a Refresh button in the top right corner and with a Cancel button and a Next button in the bottom right corner

  1. The device is issued:

    Add Device dialog box during Issue Device step with Device Issuance in progress

    Important: During the issuance, the following message may be displayed:
    Add Device dialog box during Issue Device step displaying message about device registration while Device Issuance is in progress
    You should follow the instructions in the dialog boxes that are displayed. If you do not complete this process, the issuance will fail. (For details, see Particularities Concerning FIDO Applications).
    Note: Refer to Troubleshooting if the issuance fails.

  2. After the device is issued, you are prompted to change the PIN:

    Add Device dialog box during Change PIN step showing empty New PIN field selected, with a Cancel button in the bottom right corner

    Important: If you do not change the PIN, your device is not activated and is shown on your My Devices page as Pending status. You cannot activate or use this device until it has been activated by an operator using the Operator Portal.
    Note: When the device is activated by the operator, it will still have its initial PIN.

  3. Enter and confirm your new PIN, then click Next. The device is then activated:

    4. Add Device dialog box during Change PIN step showing device activation in progress

    After your device is activated, the Add Device dialog box closes automatically. Your My Devices page now displays details about the newly-issued device:

    My Devices page displaying two devices in the Active state with the Add Device button in the top right corner

Particularities Concerning FIDO Applications

If your device contains a FIDO application that uses an Entra ID passkey-enabled service, you will be prompted by Microsoft Windows to register the passkey. You will enter or set your FIDO application PIN during the passkey registration with Entra ID. This takes place during the issuance of your device (before setting the device PIN).

Note: The FIDO application PIN may be either independent from, or shared with, the PIN that protects the other credentials (PKI, etc.) — in other words, the “device PIN”.

Depending on your device and its configuration:

  • If the FIDO application PIN is not shared, you are prompted to set your FIDO application PIN. This PIN can be the same as the device PIN you provide to HID CMS at the end of the issuance.

    Note: You may choose to have different PINs, just remember to use the right PIN in the right context: the FIDO application PIN for passkey authentication with Entra ID, and the device PIN for all the other HID CMS scenarios.

  • If the FIDO application PIN is shared, HID CMS displays a temporary PIN that you must use to register your passkey with Entra ID.

    Note: This temporary PIN is automatically copied to the clipboard and you just need to paste it (using Ctrl+V) when prompted by the Microsoft Windows passkey registration pop-ups. You do not need to remember this temporary PIN.

    At the end of the issuance, HID CMS asks you to enter your definitive device PIN. This same PIN will also be used for passkey authentication with Entra ID.