# Manage device provisioning

You can manage device provisioning in the **Devices** page of Guardian, as well as export your device provisioning report. You can begin the provisioning process from the [Provisioning](https://docs.medcrypt.com/manage-devices/begin-device-provisioning) page.

**Disconnected provisioning**

For disconnected provisioning, users can use the command line or the [Provisioning](https://docs.medcrypt.com/manage-devices/begin-device-provisioning) page to submit PRs and download certified profiles (CPs). They can then manage device provisioning and export the device provisioning report from the **Devices** page. This is an interim solution while we add full provisioning lifecycle support to the **Devices** page. For the full workflow walkthrough, refer to [Understand device provisioning](https://docs.medcrypt.com/manage-devices/understand-device-provisioning).

**Connected provisioning**

For connected provisioning, devices automatically submit requests to the [Devices](https://docs.medcrypt.com/manage-devices/manage-device-provisioning) page.&#x20;

## Select system

1. In the breadcrumb trail in the main navigation bar, click the **Select system name** drop-down. You can also select this in the quick filter drop-downs on the page. You can only select one system name, also known as your system definition.
2. Click the **Filters** drop-down to filter on system instance, component, and other criteria.

## Understanding approval workflows

### Automatic approval type

In this approval workflow type, provisioning requests (PRs) will automatically be verified, approved, and provisioned. You cannot manually approve or reject PRs for this approval type. This approval workflow has the following steps:

**Verifying** → **Auto-approved** → **Provisioning** → **Provisioned**

* **Verifying...**: PR has just come in and the system has not yet auto-approved it.
* **Auto-approved:** PR has been auto-approved by the system and will soon move to **Provisioning**.
* **Provisioning:** PR is either in the process of provisioning or is queued to provision soon.
* **Provisioned:** PR has completed provisioning
* **Various error codes:** See [Troubleshooting](#troubleshooting) for more informatio&#x6E;**.**&#x20;

### Manual approval type

Provisioning requests require manual approval before processing.

This approval workflow has the following steps:

**Verifying** → **Needs approval** → **Approving** → **Complete provisioning** → **Provisioning** → **Provisioned**

* **Verifying...:** PR has just come in and the system has not yet moved it to **Needs approval** status.
* **Needs approval:** PR needs to be manually approved by a user.
* **Approving...:** PR approval is in progress
* **Complete provisioning:** PR needs to be manually provisioned by a user
* **Provisioning:** PR is either in the process of provisioning or is queued to provision soon.
* **Provisioned:** PR has completed provisioning
* **Rejecting...**: PR rejection is in progress
* **Rejected by user:** PR was manually rejected by a user.
* **Various error codes:** See [Troubleshooting](#troubleshooting) for more informatio&#x6E;**.**&#x20;

### Approve individual PR

For the **Manual** approval type, you can approve PRs for one or more devices. Approved PRs will move to **Approved** status.

1. For any PR in the **Needs approval** status, you will see an **Approve** and **Reject** button in the **Actions** column.&#x20;
2. Click **Approve.** This will display the confirmation panel.&#x20;
3. Click **Approve PR** in the panel. The PR status will move to **Approving...**, then to **Complete provisioning.** You will see a success message.
4. If you choose to reject the PR at this point, click **Reject PR**. This will change its status to **Rejected by user**. You will see a success message.
5. You can view **Approved on** and **Approved by** information. Click the **Columns** link at the top of the table to customize your display.

### Bulk approve PRs

For the **Manual** approval type, you can approve or reject PRs for one or more devices. Approved PRs will move to **Approved** status.

1. For any PR in the **Needs approval** status, you will see an **Approve** and **Reject** button in the **Actions** column. You will also see the total number of PRs in this status in the bulk **Approve X PRs** action link in the toolbar (where X is this number).
2. Click **Approve X PRs** in the toolbar. This will display the confirmation panel.&#x20;
3. Click **Approve X PRs** in the panel. The PR status will move to **Approving...**, then to **Complete provisioning.** You will see a success message.&#x20;
4. If you choose to reject the PR at this point, click **Reject X PRs**. This will change their status to **Rejected by user**. You will see a success message.

### Reject individual PR

For the **Manual** approval type, you can reject PRs for one or more devices. Rejected PRs will show a **Rejected by user** status.

1. For any PR in the **Needs approval** status, you will see an **Approve** and **Reject** button in the **Actions** column.&#x20;
2. Click **Reject.** This will display the confirmation panel.&#x20;
3. Click **Reject PR** in the panel. The **Provisioning status** will move to the **Rejected by user** status. You will see a success message.
4. You can view **Rejected on** and **Rejected by** information. Click the **Columns** link at the top of the table to customize your display.

### Bulk reject PRs

For the **Manual** approval type, you can bulk reject PRs for one or more devices. Rejected PRs will move to **Rejected** **by user** status.

1. For any PR in the **Needs approval** status, you will see an **Approve** and **Reject** button in the **Actions** column. You will also see the total number of PRs in this status in the bulk **Reject X PRs** action link in the toolbar (where X is this number).
2. Click **Reject X PRs** in the toolbar. You'll have the opportunity to review the summary of the PRs you are rejecting.
3. Confirm your rejection. The **Provisioning status** will move to **Rejecting...**, then **Rejected by user** status. You will see a success message.
4. You can view **Rejected on** and **Rejected by** information. Click the **Columns** link at the top of the table to customize your display.

### Provision individual device

For the **Manual** approval type, after approving device PRs, you can provision those devices individually or in bulk.&#x20;

1. For any PR in the **Complete provisioning** status, you will see a **Provision** button in the **Actions** column.&#x20;
2. Click **Provision**. This will display the confirmation panel.
3. Click **Provision device** in the panel. The **Provisioning status** will move to **Provisioning...**, then Provisioned status. You will see a success message.
4. You can view **Rejected on** and **Rejected by** information. Click the **Columns** link at the top of the table to customize your display. You will see a success message.

### Bulk provision devices

For the **Manual** approval type, after approving device PRs, you can provision those devices individually or in bulk.

1. For any PR in the **Complete provisioning** status, you will see that device reflected in the **Provision X devices** action link in the toolbar. You will also see a **Provision** button in the **Actions** column.&#x20;
2. Click **Provision**. This will display the confirmation panel.
3. Click **Provision X devices** in the panel. The **Provisioning status** will move to **Provisioning...**, then **Provisioned** status. You will see a success message.
4. You can view **Rejected on** and **Rejected by** information. Click the **Columns** link at the top of the table to customize your display. You will see a success message.

## Change date formatting

By default, device provisioning data is displayed in UTC time and in **dd mmm yyyy** format. You can change this to display ISO format and/or to show dates in your local time.

1. To change the date formatting, click the **Settings** drop-down in the toolba&#x72;**.**
2. Toggle the respective date settings, which will automatically apply.

## Columns

Not all columns are shown by default. Click the **Columns** link at the top of the table to customize your display.

* **System name:** This is the system definition. It will also be referred to as system.
* **System instance name:** This is a particular instance of the system name.
* **System instance ID:** This is the unique ID for a system instance.
* **Component name:** This is a component in the system instance.
* **Component instance ID:** This is the unique ID for a component.
* **Component instance created on:** This is when the component instance was created.
* **Device HW ID:** This is the unique ID for a device.&#x20;
* **Approval type:** This is either **Manual** or **Automatic**, as defined by your organization in your system definition.
* **Provisioning status:** This shows the provisioning status of the PR. Statuses will depend on your system's defined approval type.
* **Request ID:** This is the unique provisioning request ID.
* **Request created on:** This is the date the provisioning request was created.
* **Response ID:** This is the unique provisioning response ID.
* **Response created on:** This is the date the provisioning response was created.
* **Provision source:** This is either **Appliance** or **Cloud**, as defined by your organization in your system definition.
* **Approved on:** This is the date the provisioning request was approved.&#x20;
* **Approved by:** This is either **System** or a user name. If you are using the **Automatic** approval type, it will be set to **System**. The PR will also&#x20;
* **Rejected on:** This is the date the provisioning request was rejected.
* **Rejected by:** This is either **System** or a user name. If you are using the **Automatic** approval type, it will be set to **System** if the PR was rejected by our system. It will also have a **Rejected by system** provisioning status.
* **Provisioned on:** This is the date the provisioning request was provisioned.
* **Provisioned by:** This is either **System** or a user name. If you are using the **Automatic** approval type, it will be set to **System** when the PR is automatically provisioned by our system. It will also have a **Provisioned** provisioning status.
* **Actions:** If a PR needs to be approved, this will show **Approve** and **Reject** buttons. If there are additional actions that can be performed, you will see a **... action overflow** button.

## Troubleshooting

If a PR encounters an error during the provisioning process, its **Provisioning status** will indicate the problem.&#x20;

* **Rejected by user:** PR was manually rejected by a user. This will only display for the **Manual** approval type.&#x20;
* **Rejected by system:** PR was automatically rejected by our system. This should be very rare.
* **Must be provisioned by appliance:** The device can only be initially provisioned against an appliance. Error code: `APPLIANCE_ONLY`&#x20;
* **Duplicate HW ID:** The hardware ID provided in the PR matches an existing device's hardware ID, and does not meet your organization's PR approval policy. Error code: `DUPLICATE_HW_ID_FAILURE`
* **Missing PR signer key:** The key used to sign the PR either does not exist or is not yet available to verify the PR. Error code: `MISSING_PR_SIGNER_KEY`
* **Malformed PR signature**: The signature of the PR did not meet expectations and could not be verified. Error code: `PR_SIGNATURE_MALFORMED`
* **Max instances exceeded:** The maximum number of this device (component) has already been reached, as defined in your system definition. Error code: `MAX_INSTANCE_FAILURE`

### Vault errors

* **Vault could not sign certificates:** Vault was unable to sign device certificates. Error code: `FAIL_SIGN_DEVICE_CERTIFICATES`
* **Vault could not sign profile:** Vault was unable to sign a device certified profile. Error code: `FAIL_SIGN_DEVICE_CERTIFIED_PROFILE`
* **Vault request timed out:** Our service that drives provisioning timed out making a request to Vault. Error code: `VAULT_REQUEST_TIMEOUT`
* **Vault could not find PR signer:** Vault could not find the device identity of the device that signed the PR. Error code: `UNABLE_LOOKUP_PROVISION_REQUEST_SIGNER`
* **Vault could not find device leaf certificates:** Vault could not find device leaf certificates for a device. Error code: `UNABLE_LOOKUP_DEVICE_CERTIFICATES`
* **Vault could not find vault signer certificate:** Vault was unable to find the certificate of a vault signer. Error code: `FAIL_SIGN_MISSING_SIGNER_CERTIFICATE`

### Reprovisioning errors

Some errors can only occur when reprovisioning a device.

* **Component mismatch:** The PR contains a different component name than the component that signed the PR. Error code: `REPROVISIONING_MISMATCH_COMPONENT`
* **HW ID mismatch:** The PR has a different hardware ID than the device that signed the PR. Error code: `REPROVISIONING_MISMATCH_HARDWARE_IDENTIFIER`
* **Instance mismatch:** The PR is for a device in a different system instance than the device that signed the PR. Error code: `REPROVISIONING_MISMATCH_INSTANCE`
* **Device is already provisioning:** The PR is a re-provision request for a device that is in the process of provisioning. Error code: Error code: `REPROVISIONING_PROVISIONING_COMPONENT`

## Filter devices

You can filter on system, device, and provisioning information.

**General section**

* **System name:** Select the main system to view. This is also known as the system definition.
* **System instance:** Select one or more system instances to view.
* **Component name:** Select one or more components to view.
* **Device hardware ID:** Specify a particular device hardware ID to filter on.

**Provisioning details section**

* Toggle to view current provisioning status for all devices or all statuses the devices have moved through.
* **Provisioning status:** Select one or more provisioning status(es). The available statuses will depend on the approval type of the system you are currently viewing.
* **Provisioned on:** Select a date range to view devices that moved to the **Provisioned** status during that time.

## Export provisioning report

You can either export the current provisioning status for all devices or select the devices you want to export the latest provisioning status for.&#x20;

1. To export all devices, select **Export** drop-down in the toolbar. In the **All devices** group, select **Device provisioning report**.
2. To export selected devices, select the devices you want to export the status for, then select **Export** drop-down in the toolbar. In the **Selected devices** group, select **Device provisioning report**. This will export the device provisioning report in CSV format.