After a device has been successfully registered on the DualShield server and the certificate has been successfully installed on the user's device, a DeviceCert will be registered in the user's account and marked as "INACTIVE"
This DeviceCert needs to be activated before it can be used for access.
Navigate to the user's token list
In the Domain list, select the domain that you want to work on, e.g. DeepnetMFA.com
If you click the "Search" button, it will list all users in the entire directory up to the query limit.
To narrow down your search, click the "Filter" button
Enter the user's login name, e.g. 2FA, then click the "Search" button (You can change the search filter or add more filters)
Once you have found the user account, click on its context menu icon "..." to bring up the context menu:
Click "Tokens" from the context menu
Click the context menu icon of the inactive DeviceCert
Click "Activate" to activate the token
You will be immediately prompted by your web browser to select a certificate:
Commonly, all web browsers will prompt and ask you to select your certificate even you have got only one certificate.
To continue, you must select the certificate to use and click OK
Login to the self-service console:
Identify the device certificate that is marked as "inactive"
Click the "Activate" button in the tile of the inactive device certificate.
If the self-service activation policy is set to require an activation code, then the user will be prompted below:
The user can acquire the activation code by email or text message, or from the help desk
Enter the activation code:
The device certificate will be activated if the given action code is correct:
