Linux device ID migration

Linux version 1.0.79 will introduce changes to how we generate internal device IDs for Linux devices. As a result, devices will show up as a new device after upgrading to 1.0.79.

If you currently use Trusted Profiles with Linux devices, you will need to re-verify all of your trusted Linux devices after the update.

If you use Trusted Profiles to gate access to Resources, you will need to manual verify the new devices in order to ensure your users maintain access after they update. Users whose devices are not re-verified will experience temporary loss of access.

The manual verification migration can be done manually as your users update or can be automated using the Twingate API or the Twingate CLI.

See the Device Security Guide for more information on Trusted Profiles and manual verification. For any questions related to this update, reach out via the Help Center.

Migration tips

For a small number of Linux devices: manually verifying devices is the easiest way to handle the migration. If it’s instrumental for users to have access to these resources with little interruption, consider modifying Trusted Profiles to temporarily remove manual verification as a requirement.

For a large number of Linux devices: consider using a script to automate the migration. An example script is detailed below.

After all of your users have updated, the old devices can be archived from the Admin Console.

Using the Twingate CLI to automate migrating device verification

If you have a large number of Linux device you need to reverify as users upgrade to 1.0.79, we recommend using the Twingate CLI to automate this process. Using the device trust command, the CLI can trust one or more devices by their serial number:

./tg device trust <deviceIdOrSerial> <deviceIdOrSerial2...>

Using this command, you can automate the transition. The following steps demonstrate how that can be done:

  • Collect a list of serial numbers using tg export to build an .xlsx file with information from your network. This file includes a table of device info, including serial numbers. Export the serial numbers of your trusted Linux devices to a text file, separated by newlines.

  • Write a script to trust devices based on their serial numbers, with the following example using serial-numbers.txt as an example:

while read serial || [[ -n $serial ]]; do
./tg device trust "$serial"
done <serial-numbers.txt
  • Automate this script using cron to keep it running at a regular interval, like every 15 minutes. Keep this running until users have upgraded.

Last updated 4 months ago