How To Enable Azure IoT Hub Certificate Authentication in EZCA

Prerequisites

1. Registering the application in your tenant
2. Selecting a Plan

Introduction - Enabling Azure IoT Hub Access For Certificate Authentication in EZCA

If you are using EZCA for Azure IoT and would like to EZCA to automatically add new CA certificates to Azure IoT, EZCA must to have Contributor Role access to your IoT Hubs. With this access, EZCA will be able to automatically add new CA certificates to your IoT Hubs, and rotate your CAs when they expire. If you would also like EZCA to disable your IoT devices when a certificate is revoked, EZCA must have IoT Hub Registry Contributor permission in your IoT Hub.

Note: If you are going to manually rotate your CAs in Azure IoT, this step is not required.

Adding The EZCA Application to RBAC in Azure Portal

1. Login to https://portal.azure.com
2. Navigate to the IoT Hub you want EZCA to manage.
3. Click on the Access control (IAM) menu option
4. Click on Add
5. Select the “Add Role Assignment” Option
6. Select the “Privileged administrator roles” tab
7. Select Contributor role
8. Click on Members
9. Click on “Select Members”
10. Select the Keytos Application
11. Click the Select button
12. Click the Review + assign button
13. Click the Review + assign button

How to Add IoT Hub Registry Contributor Role

1. Once You are back in the Access Control (IAM) screen, click on Add
2. Select the “Add Role Assignment” Option
3. Select the “IoT Hub Registry Contributor” role
4. Click on “Select Members”
5. Select the Keytos Application
6. Click the Review + assign button
7. Click the Review + assign button