When a Wi-SUN network is configured with open authorization in Remote Manager, any XBee for Wi-SUN device that successfully passes EAP-TLS authentication against the Digi PKI can join. No per-device configuration in Remote Manager is required. Open authorization is the simplest mode: certificate validity is the only admission criterion.

Use Open authorization when certificate management alone is sufficient to control device enrollment. Devices with a valid Digi certificate can join; devices without one cannot.

Open authorization applies to each XBee Hive for Wi-SUN configured to use Remote Manager as the authentication server. See Configure the border router to use Remote Manager as auth server.

Open authorization grants network access to any device whose identity certificate is signed by a CA that the border router trusts. By default, every XBee Hive for Wi-SUN trusts the Digi CA, which issues the factory identity certificate of every Digi Wi-SUN device. This means any Digi XBee for Wi-SUN with factory certificates can join the network without further checks.

Use Open authorization only when devices present your own identity certificates and the Include Digi CA option is disabled on each XBee Hive for Wi-SUN. See Include Digi CA.

Configure open authorization

To set a network authorization mode to Open in Remote Manager:

  1. Log in to Remote Manager.

  2. Go to XBee Networks and click the Name or ID of the network. The XBee Network page opens.

  3. Select the Security tab.

  4. Set Authorization to Open.

  5. Click Save.