How-To: Enable Azure IoT Hub Certificate Authentication in EZCA

Enable Azure IoT Hub Access For Certificate Authentication in EZCA

If you are using EZCA for Azure IoT and would like to EZCA to automatically add new CA certificates to Azure IoT, EZCA must to have Contributor role access to your IoT Hubs. With this access, EZCA will be able to automatically add new CA certificates to your IoT Hubs, and rotate your CAs when they expire. If you would also like EZCA to disable your IoT devices when a certificate is revoked, EZCA must also have the IoT Hub Registry Contributor role on your IoT Hubs as well.

Prerequisites

• Ensure the EZCA application is registered in your Azure tenant
• Select an EZCA plan

Add the RBAC Contributor Role to Azure IoT Hub

1. Login to https://portal.azure.com

2. Navigate to the IoT Hub you want EZCA to manage.

3. Click on the Access control (IAM) menu option

   

4. Click on + Add

   

5. Select the Add Role Assignment Option

6. Select the Privileged administrator roles tab

   

7. Select Contributor role

   

8. Click on Members

   

9. Click on Select Members

   

10. Search for “keytos” and select the Keytos Application

    

11. Click the Select button

    

12. Click the Review + assign button

    

13. Click the Review + assign button

    

Add the IoT Hub Registry Contributor Role to Enable Revocation

1. Once You are back in the Access Control (IAM) screen, click on + Add

   

2. Select the Add Role Assignment Option

3. Select the IoT Hub Registry Contributor role

   

4. Click on Select Members

   

5. Search for “keytos” and select the Keytos Application

   

6. Click the Review + assign button

   

7. Click the Review + assign button