PingOne Privilege

Managing devices

On the PingOne Privilege platform, every registered device is uniquely associated with a single user, and each user can have one or more registered devices.

Before you begin

Users must onboard devices before they can use them to access resources with PingOne Privilege. For information about onboarding devices, see the following topics:

Device onboarding process

When a user onboards a device, the following sequence of events occurs:

  1. The PingOne Privilege authenticator app creates a new public/private key pair on the user’s device.

  2. The private key is stored securely within the device’s TPM and is configured to be non-exportable. The corresponding public key is sent to the PingOne Privilege controller.

  3. A device certificate is generated locally and signed by the new private key. The device, now identified by this certificate, is registered with the PingOne Privilege controller.

  4. On laptops, a persistent mutual TLS (mTLS) connection is established with the PingOne Privilege controller.

    This connection is required for passwordless resource access and has the following characteristics:

    • The mTLS connection remains active as long as the laptop is running.

    • If the laptop wakes from a sleep state, the connection is automatically re-established.

    • The connection can be manually disconnected using a toggle switch in the authenticator app.
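
The following Go sketch is an added example, not PingOne Privilege code. It models steps 1 to 3 with a software key standing in for the TPM-resident key, plus a hypothetical controller-side check that the self-signed certificate carries the registered public key and verifies under it. All function names and the device name are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewDeviceKey models step 1. Assumption: a software key stands in for the
// TPM-resident, non-exportable key a real client would use.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SelfSignedDeviceCert models step 3: a locally generated, self-signed certificate.
func SelfSignedDeviceCert(key *ecdsa.PrivateKey, name string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// VerifyRegistration is a hypothetical controller-side check: the certificate
// must carry the public key received in step 2 and its signature must verify
// under that key, proving the sender holds the matching private key.
func VerifyRegistration(certDER []byte, registered *ecdsa.PublicKey) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if !registered.Equal(cert.PublicKey) {
		return fmt.Errorf("certificate key does not match registered public key")
	}
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
}

func main() {
	key, _ := NewDeviceKey()
	der, _ := SelfSignedDeviceCert(key, "constructed-laptop-01")
	fmt.Println("registration error:", VerifyRegistration(der, &key.PublicKey))
}
```

A certificate presented against a different registered key, or one whose signature bytes were altered, is rejected by the same check.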

Viewing and searching for devices

To view and search for devices registered on the PingOne Privilege platform:

  1. In the PingOne Privilege admin console, go to Directory > Devices.

  2. Use the search bar to find a specific device by a user’s email address, device model, OS version, or device name.

  3. Click any device in the list to view its detailed information.

Viewing devices owned by a specific user

To view all devices registered to a specific user:

  1. In the PingOne Privilege admin console, go to Directory > Users.

  2. Find the target user in the list and click their name to open their profile.

  3. The Overview section displays a list of all devices registered to that user.

Activating and deactivating a device

Deactivating a device temporarily prevents it from being used to access resources.

To activate or deactivate a device:

  1. In the PingOne Privilege admin console, go to Directory > Devices.

  2. In the list, select a device to open its details.

  3. Toggle Active to activate or deactivate the device.

Removing a device

Removing a device permanently unregisters it from the PingOne Privilege platform. The user must onboard the device again to use it.

Deactivating or removing a device will instantly terminate all active sessions originating from that device.

To remove a device:

  1. In the PingOne Privilege admin console, go to Directory > Devices.

  2. In the list, select a device to open its details.

  3. Click Remove Device. Confirm the action.