--- title: Managing devices description: Every registered device is uniquely associated with a single user, and each user can have one or more registered devices. component: privilege page_id: privilege:privileged-access-management:admin-tasks/directory/devices canonical_url: https://docs.pingidentity.com/privilege/privileged-access-management/admin-tasks/directory/devices.html revdate: February 16, 2026 section_ids: before-you-begin: Before you begin device-onboarding-process: Device onboarding process viewing-and-searching-for-devices: Viewing and searching for devices viewing-devices-owned-by-a-specific-user: Viewing devices owned by a specific user activating-deactivating-devices: Activating and deactivating a device removing-device: Removing a device --- # Managing devices On the PingOne Privilege platform, every registered device is uniquely associated with a single user, and each user can have one or more registered devices. ## Before you begin Users must onboard devices before they can use them to access resources with PingOne Privilege. For information about onboarding devices, see the following topics: ## Device onboarding process When a user onboards a device, the following sequence of events occurs: 1. The PingOne Privilege authenticator app creates a new public/private key pair on the user's device. 2. The private key is stored securely within the device's TPM and is configured to be non-exportable. The corresponding public key is sent to the PingOne Privilege controller. 3. A device certificate is generated locally and signed by the new private key. The device, now identified by this certificate, is registered with the PingOne Privilege controller. 4. On laptops, a persistent mutual TLS (mTLS) connection is established with the PingOne Privilege controller. This connection is required for passwordless resource access and has the following characteristics: * The mTLS connection remains active as long as the laptop is running. * If the laptop wakes from a sleep state, the connection is automatically re-established. * The connection can be manually disconnected using a toggle switch in the authenticator app. ## Viewing and searching for devices To view and search for devices registered on the PingOne Privilege platform: 1. In the PingOne Privilege admin console, go to **Directory > Devices**. 2. Use the search bar to find a specific device by username, device model, OS version, or device name. 3. Click any device in the list to view its detailed information. ## Viewing devices owned by a specific user To view all devices registered to a specific user: 1. In the PingOne Privilege admin console, go to **Directory > Users**. 2. Find the target user in the list and click their name to open their profile. 3. The **Overview** section displays a list of all devices registered to that user. ## Activating and deactivating a device Deactivating a device temporarily prevents it from being used to access resources. To activate or deactivate a device: 1. In the PingOne Privilege admin console, go to **Directory > Devices**. 2. In the list, select a device to open its details. 3. Toggle **Active** to activate or deactivate the device. ## Removing a device Removing a device permanently unregisters it from the PingOne Privilege platform. The user must onboard the device again to use it. | | | | - | ------------------------------------------------------------------------------------------------------------ | | | Deactivating or removing a device will instantly terminate all active sessions originating from that device. | To remove a device: 1. In the PingOne Privilege admin console, go to **Directory > Devices**. 2. In the list, select a device to open its details. 3. Click **Remove Device**. Confirm the action.