Thanks for that information. Just to make that crystal clear (to me!)...
1. IAPs are manually added to Central using MAC address and Cloud Activation key.
2. Central informs Activate (via a back end process) to redirect the devices that have been manually added.
3. Activate generates a provisioning rule (again via a backend process) to redirect those devices.
4. IAP boots, looks to Activate for provisioning, which redirects it to Central.
I have looked in Activate and found the provisioning rule, but there is no identity information relating to the IAPs - do I assume correctly that this information is held in a back end database of some kind? It is much clearer for devices that are already in Activate, and that have been given a provisioning rule to redirect them to Central, as all of the relevant information (device identity and provisioning rule) is clearly visible.
Please feel free to correct or clarify points that I may have misinterpreted from your reply.
Thanks very much.
Johnny.