Control access to IoT Hub

This article describes the options for securing your IoT hub. IoT Hub uses permissions to grant access to each IoT hub endpoint. Permissions limit the access to an IoT hub based on functionality.

There are three different ways for controlling access to IoT Hub:

  • Azure Active Directory (Azure AD) integration for service APIs. Azure provides identity-based authentication with AAD and fine-grained authorization with Azure role-based access control (Azure RBAC). Azure AD and RBAC integration is supported for IoT hub service APIs only. To learn more, see Control access to IoT Hub using Azure Active Directory.
  • Shared access signatures lets you group permissions and grant them to applications using access keys and signed security tokens. To learn more, see Control access to IoT Hub using shared access signature.
  • Per-device security credentials. Each IoT Hub contains an identity registry For each device in this identity registry, you can configure security credentials that grant DeviceConnect permissions scoped to the that device's endpoints. To learn more, see Authenticating a device to IoT Hub.

Next steps