Pelion Device Management General Availability

Pelion Device Management General Availability (GA) introduces the following key features:

  • First-to-Claim for devices and Device Management Edge: allows you to assign devices to Device Management accounts after the manufacturing of the device.
  • Device Management On Premises: allows deployment of IoT device management on customers' premises, datacenters and customers' private and public cloud.
  • Device Management Edge: connects non-IP or legacy devices to Device Management using protocol translation.
  • Device Management Client Lite: extends Device Management capabilities to constrained devices by supporting TLS/DTLS with Pre-Shared Key (PSK).
  • Device Management secure device access: allows customers to define policies controlling who can access devices in-field, when and how.
  • Device Management can use third party certificate authorities during Lightweight Machine to Machine specification (LwM2M) bootstrap.


With the First-to-Claim by enrollment list capability, you can manufacture devices without binding them to a Device Management account. We provide the device with an enrollment identity that you can later use to claim the device in the onboarding phase and assign the device to a Device Management account.

Once you have enrolled the device, Device Management associates it with the appropriate claiming account when the device connects to Device Management.

The First-to-Claim capability works for both devices and Device Management Edge gateways.

We deliver First-to-Claim as a General Availability feature in this release.

Device Management On Premises

Device Management On Premises is the deployment option of the Device Management product that provides capabilities for IoT device management. Device Management On Premises runs on premises and datacenters of customers, customers' IaaS vendors and cloud vendors. Device Management On Premises does not have a direct dependency on any cloud instance. Instead, you can deploy it on any physical hardware or cloud instance with OpenStack virtualization capabilities.

Device Management On Premises is available as a managed service, and we provide a complete solution to run the IoT device management system. The software delivery includes all service components and localized databases. Based on customers' preferences, we can integrate the software with customers' load balancers, firewalls and additional security hardware (HSM).

Device Management On Premises aims to provide similar (identical) features to Device Management, because the on-premises product is built and deployed from the same master branch of Device Management.

Device Management On Premises is for customers who want to host and run the IoT service themselves rather than rely on a public or private Device Management offering.

We deliver Device Management On Premises as a Managed Service as a Preview Availability feature in this release.

Device Management Edge

You may want to connect existing legacy devices and non-IP devices (for example, Bluetooth) to the cloud. Device Management Edge offers a solution for doing that using its Protocol Translation capability.

Edge has the capability to:

  • Register any protocol translated device with Device Management.
  • Perform LwM2M GET/PUT/POST/DELETE operations using the C API toward protocol translated endpoints.
  • Run as a lightweight implementation using only C and C++ for small memory consumption.
  • Connect securely from Edge to Device Management using X.509/PKI-based TLS v1.2 connection.
  • Update the firmware of the Edge device using Device Management.

We deliver Device Management Edge at the General Availability level in this release.

Device Management Client Lite

There is a wide variety of IoT devices, from low-cost sensors to expensive, complex devices. Device Management Client Lite is the client profile for constrained devices: specifically, cost-sensitive devices with little memory and limited processing capabilities.

Device Management Client Lite supports the following features:

  • API for registration and reregistration toward Device Management service.
  • Secure connectivity logic using industry standard TLS/DTLS with the Pre-Shared Key (PSK) mechanism.
  • API for device management (based on the OMA LwM2M specification) and notification sending, including full control of endpoint and application logic from the Device Management service.
  • Mbed OS using IPv4 connectivity.

This version of Device Management offers a Device Management Client Lite library that provides:

  • The means to connect constrained embedded devices to Device Management using TLS/DTLS with the Pre-Shared Key (PSK).
  • The device management capabilities as described in the OMA LwM2M protocol.

We deliver Device Management Client Lite as a Preview Availability feature in this release.

Mbed secure device access

Many IoT devices have service interfaces allowing technicians to change configuration, diagnose problems and update software. Controlling who interacts with the device software, when and how is critical for the operational security of IoT networks.

Device Management secure device access supports policy-based access control for field service technicians. Once the technician authenticates with the enterprise network, the technician requests permissions for connecting to specific IoT devices. Device Management evaluates policies set by the system administrator and, if approved, grants the technician permissions to perform specific actions on specific devices. The technician can connect to the device even when the device is disconnected from the network.

Device Management secure device access implements the emerging IETF standard for Authentication and Authorization for Constrained Environments (OAuth ACE).

We deliver Mbed Secure Device Access as a Preview Availability feature in this release.

Third party certificate authorities

When an IoT device connects to the Device Management platform, the device proves its identity by presenting a device certificate signed by a trusted Certificate Authority (CA). This trusted identity is provisioned in the device either during manufacturing or during Device Management bootstrap.

Device Management third party CA support allows customers to use an external CA during the Device Management bootstrap process. Customers can operate the third party CA service as part of their existing identity infrastructure, or an online managed service can operate it.

This version supports the GlobalSign identity service and the open source CFSSL certificate authority.

We deliver support for third party CA at the Limited Availability level in this release. The feature is accessible to customers with a business relationship with GlobalSign.

Device Management Portal

Portal is now accessible using a shorter but similar URL – https://portal.mbedcloud.com.

API changes

  • Aggregated accounts can now manage their dependent accounts' users, access keys, groups, policies and Trusted Certificates. Please review the API reference for details.
  • We have added new __in and __nin filter operators, which filter fields within or not within a group of values.
  • API endpoints that supported a filter inside a dedicated filter query string parameter now support the generic syntax filter. We encourage you to use the generic filter syntax or update to the latest SDK version. The dedicated filter parameter was removed from the documentation, but we still offer support for the old syntax.
  • The HTTP method PATCH was removed from the API reference. We encourage you to use PUT, which behaves identically, or update to the latest SDK version. The API still includes PATCH support.