I'd be happy to follow best practices but I can't think of how to do this.
Let's say we have 5 users, each with a laptop, iPhone, and iPad. All 15 devices are automatically connected to the VPN. If I wanted to give each device a static IP by specifying their usernames, we'd have a problem where I can only specify 5 IPs for 15 devices, right? So instead, I created certificates named "bsmith_laptop" and "bsmith_ipad" and disabled the "username-as-common-name" option. That way, I can safely specify an IP for each device.
The reason I'd like each device to have a static IP is so I can access the devices by name using DNS. Currently, my DNS server and its cache don't update quickly enough to handle these 15 devices coming up and down all day.