Description
The Onboarding Network (ONN) is a fundamental component within the 3GPP onboarding framework, specifically for mechanisms like ON-SNPN. Conceptually, it is a network that a device can initially attach to when it lacks valid credentials for its intended final destination network, which is often a Standalone Non-Public Network (SNPN). The ONN's primary role is to provide a controlled, authenticated, and secure environment where the device can establish IP connectivity and communicate with a remote onboarding server or credential issuer. This server is typically associated with the target SNPN or a trusted third-party service provider.
Architecturally, an ONN can be implemented as a dedicated slice of a Public Land Mobile Network (PLMN), a separate SNPN configured for onboarding purposes, or even a neutral-host network. It includes standard 5G core network functions like the AMF, SMF, and UPF to provide basic data connectivity. Crucially, it also interfaces with an Onboarding Server Function (OSF) or a similar entity responsible for authenticating the device and issuing credentials. The ONN operates with a specific set of network identifiers (a PLMN ID or SNPN ID) that devices are pre-configured to recognize or discover as a trusted entry point for onboarding.
The operational flow involves a UE attempting to register with a network for onboarding. If the UE's target SNPN is not available or the UE lacks credentials, it may search for and select a pre-configured ONN. Upon successful but limited authentication with the ONN (potentially using generic or device-specific initial credentials), the UE is granted restricted data connectivity. Over this secured channel, the UE establishes an HTTPS or similarly secured session with the onboarding server. The server authenticates the device's immutable identity, validates its right to join the target SNPN, and then provisions it with the necessary subscription credentials (SUPI, authentication keys). After successful provisioning, the UE disconnects from the ONN and uses the new credentials to perform a standard registration procedure with its target SNPN. The ONN thus acts as a secure intermediary, isolating the potentially vulnerable provisioning process from the operational networks.
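The flow above can be checked against recorded events. The following is an added example, not taken from any 3GPP specification: it replays one UE's event trace through the ordering described in the paragraph and flags out-of-order steps and traffic to destinations other than the onboarding server. State names, event names and hostnames are assumptions made for illustration.

```python
from enum import Enum, auto

# State and event names are illustrative assumptions, not 3GPP identifiers.
class State(Enum):
    IDLE = auto()
    ONN_SELECTED = auto()
    ONN_RESTRICTED = auto()    # authenticated to the ONN, restricted connectivity
    PROVISIONED = auto()       # credentials received, still attached to the ONN
    ONN_RELEASED = auto()
    SNPN_REGISTERED = auto()

# (current state, event) -> next state, in the order the flow describes.
TRANSITIONS = {
    (State.IDLE, "select_onn"): State.ONN_SELECTED,
    (State.ONN_SELECTED, "onn_auth_ok"): State.ONN_RESTRICTED,
    (State.ONN_RESTRICTED, "credentials_provisioned"): State.PROVISIONED,
    (State.PROVISIONED, "onn_deregister"): State.ONN_RELEASED,
    (State.ONN_RELEASED, "snpn_register"): State.SNPN_REGISTERED,
}
ON_ONN = (State.ONN_RESTRICTED, State.PROVISIONED)

def audit_trace(events, allowed_servers):
    """Replay one UE's (event, destination) trace; return (final_state, findings)."""
    state, findings = State.IDLE, []
    for i, (name, dest) in enumerate(events):
        if name == "traffic":
            if state is State.SNPN_REGISTERED:
                continue  # operational traffic, outside the onboarding audit
            if state not in ON_ONN:
                findings.append((i, f"traffic in state {state.name}"))
            elif dest not in allowed_servers:
                findings.append((i, f"destination outside onboarding scope: {dest}"))
            continue
        nxt = TRANSITIONS.get((state, name))
        if nxt is None:
            findings.append((i, f"unexpected {name} in state {state.name}"))
        else:
            state = nxt
    return state, findings

# Constructed sample traces (hostnames are placeholders).
ALLOWED = {"onboarding.example.test"}
GOOD = [("select_onn", None), ("onn_auth_ok", None),
        ("traffic", "onboarding.example.test"), ("credentials_provisioned", None),
        ("onn_deregister", None), ("snpn_register", None)]
BAD = [("select_onn", None), ("onn_auth_ok", None),
       ("traffic", "files.example.test"), ("snpn_register", None)]

if __name__ == "__main__":
    for label, trace in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_trace(trace, ALLOWED))
```

The BAD trace produces two findings: traffic leaving the onboarding scope while connectivity is restricted, and an attempt to register with the target SNPN before credentials were provisioned and the ONN released.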
Purpose & Motivation
The ONN was conceived to address a critical bootstrap problem in large-scale IoT and private network deployments: how does a device with no prior relationship to a network securely obtain the credentials needed to access that network? Without an ONN, the options are limited to impractical or insecure methods like manual configuration, physical interfaces, or pre-provisioning all devices at the factory for a specific customer, which hinders scalability and supply chain efficiency.
The creation of the ONN concept in 3GPP Release 17 was motivated by the need for a standardized, carrier-grade, and secure bootstrap mechanism. It provides a trusted 'landing zone' that is separate from the production SNPN, enhancing security by containing any potential attacks during the provisioning phase to the onboarding environment. This separation of concerns allows SNPN operators to focus on their core operational security without exposing their authentication infrastructure to unauthenticated devices. The ONN enables zero-touch provisioning models, which are essential for cost-effective deployment of thousands of sensors and actuators in industrial settings. It also offers flexibility, as a single ONN (e.g., operated by a device manufacturer or a mobile operator) can serve as the onboarding platform for devices destined for multiple different SNPNs owned by different enterprises.
Detected Changes Across Releases
From 3GPP Change Requests: specific changes extracted from the "Change history" tables of 3GPP specifications (101 CRs across 3 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 16, the Onboarding Network (ONN) function was formally introduced, defining it as either a PLMN enabling remote provisioning or a dedicated Onboarding Standalone Non-Public Network (SNPN). This release specified the procedures and architectural elements for SNPN onboarding, including the use of default UE credentials, the role of a Provisioning Server, and the support for access selection via mechanisms like the Group ID for Network Selection (GIN). It also clarified integration aspects such as N3IWF selection and network function discovery (e.g., UDM-AUSF) within an SNPN for onboarding purposes.
- SNPN deployment scenarios (TS 23.501 CR1183)
- clarifications on SNPN (TS 23.501 CR1426)
- QoS differentiation for access to SNPN (PLMN) services via PLMN (SNPN) (TS 23.501 CR1264)
- Support for access to PLMN services via SNPN and SNPN services via PLMN (TS 23.501 CR1379)
- Clarifying N3IWF access to SNPN (TS 23.501 CR1751)
- UE identifier for SNPN (TS 23.501 CR1881)
+ 10 more changes
In Release 17, the Onboarding Network (ONN) function was formally introduced, defining it as either a PLMN or an Onboarding SNPN that enables Remote Provisioning for a registered UE. Key enhancements included the support for UE onboarding using default UE credentials, a dedicated UE onboarding architecture, and the definition of specific SUCI/SUPI formats for use during the onboarding procedure. Furthermore, the release specified mechanisms for de-registration of an onboarding-registered UE and detailed AMF selection to support UE onboarding onto an SNPN.
- Informative guideline on supporting session/service continuity between SNPN and PLMN when using N3IWF (TS 23.501 CR2563)
- SNPN support AAA Server for primary authentication and authorization (TS 23.501 CR2611)
- SNPN with separate entity hosting subscription (TS 23.501 CR2625)
- General introduction of Enhancements to Support SNPN along with credentials owned by an entity separate from the SNPN (TS 23.501 CR2684)
- UE onboarding (TS 23.501 CR2562)
- De-registration for onboarding registered UE (TS 23.501 CR2755)
+ 48 more changes
In Release 18, the Onboarding Network (ONN) function was enhanced to support onboarding and access to SNPN services via non-3GPP and wireline access networks, expanding beyond traditional 3GPP access. It introduced specific procedures for N3IWF selection for onboarding and for emergency services, and provided clarifications for network selection when accessing an SNPN providing localized services. The release also defined mechanisms for using a Credentials Holder to determine SNPN selection information and for supporting equivalent SNPNs for localized services access.
- Support of Non-3GPP access for SNPN (TS 23.501 CR3714)
- Equivalent SNPN support (TS 23.501 CR3730)
- N5CW device access to SNPN services (TS 23.501 CR3821)
- Clarification of SNPN access mode (TS 23.501 CR3841)
- Clarifications on Onboarding in SNPN supporting localized services (TS 23.501 CR3927)
- SNPN broadcast system information and manual network selection for localized service (TS 23.501 CR4095)
+ 25 more changes
Defining Specifications
3GPP specifications that define or reference ONN, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TS 23.501 vk00 | 5G System Architecture Stage 2 | Rel-20 |
| TS 29.512 vj40 | 5G Session Management Policy Control Service | Rel-19 |