Skip to content

Cloud provisioning

This page explains the different methods of cloud provisioning, meaning connecting a device directly to nRF Cloud and registering its device certificate. This allows the device to use the nRF Cloud MQTT APIs through the IoT broker. As such, provisioning only applies to IP devices.

nRF Cloud supports two methods of cloud provisioning: preconnect and Just-in-Time (JITP).

Preconnect provisioning

The recommended way to provision devices on nRF Cloud is to use the ProvisionDevices endpoint. This provisions your devices in bulk and adds them to your account before they connect for the first time.

Device certificates are created using your own CA certificate. See Securely generating credentials on the nRF9160 DK for more information on creating and provisioning device certificates.

Just-in-Time provisioning

JITP means that a device is provisioned when it first tries to connect to the IoT broker and presents its device certificate. Before the first communication, the device is not known to the broker and is not stored in the fleet registry.

The JITP process requires that device certificates are created using a Nordic Semiconductor CA certificate managed in the cloud. You can obtain a JITP device certificate using the CreateDeviceCertificate endpoint.

The nRF9160 DK and Thingy:91 are cloud provisioned through JITP if you use the preprogrammed certificate on the device as shipped. You can also provision new device certificates. See Securely generating credentials on the nRF9160 DK for more information.

The disadvantage of JITP is that it can be resource intensive and time consuming, taking up to thirty seconds after it makes its first connection. You must also explicitly add a JITP device to your account after provisioning, proving ownership (the right to claim) with a hardware ID or PIN. For Nordic Semiconductor products, this is provided on the product label. When using a JITP certificate for a custom device, you must choose and provide an ownership code.