Device Inventory
Device Inventory provides a centralized, real-time view of all registered FIDO authenticators in an organization. It enables administrators to quickly locate devices and perform the following actions:
View Device Inventory Details
Device Inventory provides two types of views to help administrators access device details efficiently:
- Summary View: Displays essential device details in a compact format for quick identification and action.
- Expanded View: Provides complete device information, including lifecycle and compliance details, for in-depth management.
Summary View
| Column | Description |
|---|---|
| Device | Displays the names of the FIDO authenticators (for example, SafeNet eToken Fusion NFC PIV Enterprise). |
| Device Mode | Indicates whether a device is Managed or Unmanaged. Managed devices are Thales FIDO 2.1 devices, which support setting an admin PIN and enterprise features. Some of the enterprise features include configuring a minimum PIN length, enforcing PIN changes, enforcing user verification, and whitelisting web services. |
| Policy | Displays the authentication policies assigned to devices. |
| User Name | Displays the usernames of users associated with the devices. |
| Actions: Revoke | Provides an option to revoke a device from use. |
Expanded View
In addition to the information available in the Summary view, the Expanded view provides more device-specific details that support device lifecycle management and compliance tracking.
To view these details, under Device Inventory, click on the expand arrow 
icon for the desired device.
| Column | Description |
|---|---|
| SERIAL NUMBER | Displays the unique serial number of the device. |
| VERSION | Displays the device version (for example, FIDO_2_1). |
| AAGUID | Provides Authenticator Attestation Globally Unique Identifier (AAGUID), a unique identifier for device identification. |
| STATUS | Indicates the current state of the device (REVOKED, ENROLLED, CONFIGURED). |
| IDENTITY PROVIDER | Displays name of the identity provider. |
| UPDATED | Displays the last updated date and time for the device record. |
Search Devices
The Search operation allows administrators to quickly locate devices across large inventories. Use the search bar to filter configured devices and view their details based on any of the following criteria:
-
Serial Number – To search for a device using its unique serial number.
-
Policy Name – To list all devices to which a specific policy is applied.
-
User Name – To list device(s) assigned to a specific user.
Tip
For best results, search using the complete value (for example, a complete Serial Number) . If the exact value is unavailable, begin with a partial serial Number, the policy name, or user name to narrow down the results.
Export Devices
The Export operation generates complete details (in a .csv file) of all the devices listed under Device Inventory. The exported file includes information from both the Summary view and the Expanded view for devices listed in the current inventory list.
To export devices' details, under Device Inventory, click Export.
Note
If required, use the Search operation to refine the device list and then click Export.
Caution
Exported files may contain sensitive information such as serial numbers and assignment details. Store and share the exported files in accordance with your organization’s data handling and security policies.
Revoke Devices
The Revoke operation permanently disables a device for authentication. Use Revoke when a device is lost, stolen, compromised, or no longer authorized. Revocation changes the device status to Revoked and prevents the device from being used for future authentication.
Perform the following steps to revoke a device:
-
Under Device Inventory, search and locate the device that you want to revoke.
-
In the Action column, click the three-dots
icon for the device, and then select Revoke.
-
The Revoke Device window is displayed. Click Revoke to confirm the operation.
After the device is successfully revoked, the STATUS of the device is changed to Revoked.
Warning
Revocation is a permanent action. Once a device is revoked, it is permanently disabled and cannot be used for authentication again.
To reuse the device, it needs to be re-enrolled for a user.
