How To Enable Azure IoT Hub Certificate Authentication in EZCA

Prerequisites

  1. Registering the application in your tenant
  2. Selecting a Plan

Introduction - Enabling Azure IoT Hub Access For Certificate Authentication in EZCA

If you are using EZCA for Azure IoT and would like to EZCA to automatically add new CA certificates to Azure IoT, EZCA must to have Contributor Role access to your IoT Hubs. With this access, EZCA will be able to automatically add new CA certificates to your IoT Hubs, and rotate your CAs when they expire. If you would also like EZCA to disable your IoT devices when a certificate is revoked, EZCA must have IoT Hub Registry Contributor permission in your IoT Hub.

Note: If you are going to manually rotate your CAs in Azure IoT, this step is not required.

Adding The EZCA Application to RBAC in Azure Portal

  1. Login to https://portal.azure.com
  2. Navigate to the IoT Hub you want EZCA to manage.
  3. Click on the Access control (IAM) menu option Azure IoT IAM Screen
  4. Click on Add Azure IoT IAM Add RBAC
  5. Select the “Add Role Assignment” Option
  6. Select the “Privileged administrator roles” tab Azure IAM Add privilege role
  7. Select Contributor role Azure IAM contributor
  8. Click on Members Azure IAM Screen
  9. Click on “Select Members” Azure IAM Screen
  10. Select the Keytos Application Azure IAM Screen
  11. Click the Select button Azure IAM Screen
  12. Click the Review + assign button Azure IAM Screen
  13. Click the Review + assign button Azure IAM Screen

How to Add IoT Hub Registry Contributor Role

  1. Once You are back in the Access Control (IAM) screen, click on Add Azure IoT IAM Add RBAC
  2. Select the “Add Role Assignment” Option
  3. Select the “IoT Hub Registry Contributor” role Azure IAM contributor
  4. Click on “Select Members” Azure IAM Screen
  5. Select the Keytos Application
  6. Click the Review + assign button Add Iot Hub Registry Contributor To Enable Revocation
  7. Click the Review + assign button