Manage identity enrollment
The Enrollment section of the Edit Identity page shows different options depending on where the identity is in its enrollment lifecycle: Reset enrollment, Reissue enrollment, and Delete enrollment.
Reset enrollment
Use Reset enrollment when an identity has already enrolled but you need to issue new enrollment credentials. Common reasons include:
- The user is switching to a new device.
- The enrollment data was lost, overwritten, or corrupted.
- You suspect the enrollment credentials have been stolen or compromised.
Resetting enrollment immediately invalidates the existing credentials and generates a new enrollment token. Any active sessions using those credentials are disconnected instantly.
Resetting enrollment drops all active connections for that identity the moment you confirm. Coordinate with the affected user before resetting if possible.
Steps
- From the console, select your network from the dropdown in the left-hand menu.
- Click Identities in the left sidebar.
- Click the identity you want to reset. The Edit Identity page displays.
- In the Enrollment section, click Reset enrollment. A window displays.
- In the Date enrollment expires field, select an expiration date using the calendar.
- Click Submit.
A success notification confirms the token was reset. Refresh the page to access the delivery options for the new token.
Reissue enrollment
Use Reissue enrollment when an enrollment token expired before the user or device had a chance to use it. If the token is expired, the expiration date is shown in red.
Reissue appears when a reset was previously performed but the new token expired before the identity enrolled with it.
Steps
- From the console, select your network from the dropdown in the left-hand menu.
- Click Identities in the left sidebar.
- Click the identity you want to update. The Edit Identity page displays.
- In the Enrollment section, click Reissue enrollment. A window displays.
- In the Date enrollment expires field, select an expiration date using the calendar.
- Click Submit.
After resetting or reissuing
Once the new token is generated, the Edit Identity page shows these delivery options:
- Send registration email: Sends an email with the registration instructions
- Download JWT: Downloads the enrollment token as a .jwt file
- Show QR code: Displays a QR code for mobile enrollment
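To check a downloaded .jwt file before delivering it, the following added example (not part of the product's own tooling) reads the token's expiry and reports whether it has expired and needs reissuing. It assumes the enrollment token carries the standard JWT `exp` claim; the function names, the 24-hour warning window, and the sample token are constructed for illustration.

```python
import base64
import json
import sys
import time
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def enrollment_status(token: str, now: Optional[float] = None,
                      warn_seconds: int = 86400) -> str:
    """Return 'expired', 'expiring-soon', 'valid' or 'malformed'.

    The payload is read WITHOUT verifying the signature, so the result is
    only a local expiry check, not proof that the token is genuine.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        claims = json.loads(b64url_decode(parts[1]))
        exp = float(claims["exp"])  # assumption: standard RFC 7519 'exp' claim
    except (ValueError, KeyError, TypeError):
        return "malformed"
    now = time.time() if now is None else now
    if exp <= now:
        return "expired"          # reissue before sending to the user
    if exp - now <= warn_seconds:
        return "expiring-soon"    # user may not enroll in time
    return "valid"


def make_sample_token(exp: int) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256", "typ": "JWT"}),
                     enc({"sub": "sample-identity", "exp": exp}), "c2FtcGxl"])


if __name__ == "__main__":
    # Usage: python check_enrollment.py path/to/identity.jwt
    with open(sys.argv[1], encoding="utf-8") as fh:
        print(enrollment_status(fh.read()))
```

The token is a credential until it is used or expires, so run the check locally rather than pasting the file into an online JWT decoder.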
Delete enrollment
Use Delete enrollment to remove an unused enrollment token from an identity. This option displays when the identity has a valid token that hasn't been used yet. For example, you might use it when the identity authenticates exclusively via an external Identity Provider (IdP) and the JWT enrollment token is no longer needed.
Deleting the enrollment token is irreversible. The identity can't be re-enrolled via the console.
Steps
- From the console, select your network from the dropdown in the left-hand menu.
- Click Identities in the left sidebar.
- Click the identity you want to update. The Edit Identity page displays.
- In the Enrollment section, click Delete enrollment.
- Click Yes to confirm.