Multi-device Registration Issue

Support
1

I generated an authentication JWT, but I have multiple devices. After registering on my Mac, I cannot register again on my Windows device. Is there any way to set it so that it can be registered multiple times?

Currently, I use the command ziti edge enroll --jwt xxx.jwt --out xxx.json to save the JSON obtained from the JWT and store it on different devices for connection. However, this creates a new issue: when I check the user's connection information on ZAC, it becomes confusing. I can't determine which device is online or offline since the OS or SDK information only shows the details of the device that executed the enroll command.

Is there a way to implement a tiered interface, such as Group - User - Device?

Of course, registering multiple users and using a naming convention is one way to manage this, but if there are a lot of users, each with multiple devices, it can become very chaotic.

I'm not sure if the CAOTT approach can solve my problem; from what I've seen, it seems it won't work either.

2

No. JWT's are "one-time-use" tokens. You need to generate a token for each device and register each device. While somewhat annoying that first time, it's for the best. You don't want one token to be compromised and have every device compromised. :slight_smile:

At this time no, but it's something I'm relatively certain we'll get to in the future. It's not been a priority to this point to implement a feature like that. It's a natural request for when a user is no longer part of the network to remove all their devices. Not at this time, though.