Azure SAS Tokens

The Abstract MQTT Driver supports the use of SAS tokens for authentication to the Azure IoT Hub.

The authentication process is as follows:

  • Add an AzureMqttSasAuthenticator component to the Abstract MQTT Driver device.

  • The device’s connection string is copied from Azure IoT Hub to a Niagara station.

  • The authenticator securely stores the connection string and generates a new SAS token, and connects to the IoT Hub.

  • The authenticator automatically generates a new token when the current token is close to expiring.

The benefits of using SAS tokens over certificates include:

  • Simpler configuration during station commissioning.

  • Secure encrypted storage of tokens and access key at rest in the Niagara key store.

  • You can configure more frequently token expiry.

  • The authenticator generates a new replacement token prior to expiry thereby avoiding repeated certificate maintenance in the future.

  • Administrators can revoke the original connection string in the Azure IoT Hub at any time.