How to enable device auto-provisioning
Enabling device auto-provisioning will automatically create missing devices in your Hub when they supply valid TLS information. The certificate chain will be verified against the custom certificate authority of the target hub. If no device has the same name as the device certificate's Common Name (CN), a device with that CN will be created on this Hub.
This enables industrial use cases, where the secure element provider issues certificates itself on its production lines and burns them directly into the chips. The secure element provider will use intermediate certificates signed by a certificate authority, which together with the generated certificate will create a full TLS certificate chain. After installing the certificate authority in a Hub and enabling device auto-provisioning, the previously unseen device will be able to connect to the Hub without having to be manually provisioned. In this use case, the common name of the generated certificate will be the serial number of the secure element.
Created devices have the following properties:
- Name: Equal to the Common Name of the device certificate.
- Description: A message that states the IP address that provisioned the device.
- Message filters: None, all messages & subscriptions allowed.
- Allow insecure: False. As the security relies on the use of mTLS, it’s not possible to connect with this device using insecure connections.
- Allow multiple connections: False. The certificate should represent a unique physical device.
Click IoT Hub in the Managed Services section of the side menu. A list of your IoT Hubs displays.
Click on the hub on which to enable the device auto-provisioning.
Scroll down to the Device Auto-Provisioning panel and slide the toggle to Enabled.
When auto-provisioning is enabled, IoT Hub will try to add new devices upon first connection. A Hub Event will be raised upon success or failure.
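A local way to check a certificate chain of the kind described above before installing the CA and enabling auto-provisioning (an added example, not part of the original documentation): it builds a root, an intermediate and a device certificate with OpenSSL, verifies the device certificate against the root only, and prints the CN that would become the device name. The CA names, file names, lifetimes and the serial `SE-0123456789AB` are constructed values.

```shell
#!/bin/sh
# Added example. Names, lifetimes and the serial below are constructed values.
set -eu

build_chain() {  # $1 = output dir, $2 = secure element serial, used as device CN
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[ca_ext]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$d/ssl.cnf"
  # Root CA: the certificate installed in the Hub as its custom CA.
  openssl req -x509 -config "$d/ssl.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Example Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Intermediate: held by the secure element provider, signed by the root.
  openssl req -new -config "$d/ssl.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Example Provider Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -extfile "$d/ssl.cnf" -extensions ca_ext -days 30 -out "$d/int.pem" 2>/dev/null
  # Device certificate: CN is the serial number, signed by the intermediate.
  openssl req -new -config "$d/ssl.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null
  openssl x509 -req -in "$d/dev.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 30 -out "$d/dev.pem" 2>/dev/null
}

check_device() {  # $1 = hub CA, $2 = intermediate(s), $3 = device certificate
  # -no-CApath keeps the system CA directory out of this trust decision.
  openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1 \
    || { echo REJECT; return 1; }
  # Print the CN: the name an auto-provisioned device would get on the Hub.
  openssl x509 -in "$3" -noout -subject -nameopt multiline \
    | sed -n 's/^ *commonName *= *//p'
}

# Demo run on a throwaway chain.
work=$(mktemp -d)
build_chain "$work" "SE-0123456789AB"
check_device "$work/ca.pem" "$work/int.pem" "$work/dev.pem"
rm -rf "$work"
```

A device certificate from a chain that does not lead back to the given CA prints `REJECT` and returns non-zero, even when the issuer names are identical.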