
ThingWorx Azure IoT Connector to Connect to Storage Account Using Identity


ThingWorx Azure IoT Connector relies on the connection string to connect to the associated storage account. We would like to create a feature request to have the Connector authenticate to the storage account using an identity rather than the connection string.

6 Comments
geva
14-Alexandrite

This would represent a significant change to how the connector works.  Understanding your motivation and reasons for requesting this and why the current method does not work is essential for any consideration.

 

Just asking for something without any context has very little chance of ever happening as these things require people to get behind and support such requests.

olivierlp
Community Manager
Status changed to: Clarification Needed

Hi @BM_9429767 , 

To support @geva 's comment, please provide more info about your idea. We recently implemented a new process intended precisely for this:


1. What version of ThingWorx are you currently running?

2. Describe the problem you are trying to solve. Please include detailed documentation such as screenshots, images or video.

3. What business value would your suggestion represent for your organization?
 

BM_9429767
3-Visitor

1. What version of ThingWorx are you currently running?

ThingWorx 9.2

2. Describe the problem you are trying to solve. Please include detailed documentation such as screenshots, images or video.

We are trying to remove the use of key access to storage accounts. Instead, we would like to use Azure managed identity for access, rather than having the connection string as the only option here. We would like to use an Azure identity Username/Password to authenticate.

[Image: BM_9429767_1-1640636361843.png]

I think there would be a value add in using the same Azure identity to configure the Azure IoT Connector as well. 

[Image: BM_9429767_2-1640636448130.png]



3. What business value would your suggestion represent for your organization?

The main risk here is that if the keys got compromised in any way, a bad actor will have administrative access to the Azure resource the keys or connection strings are associated with. With user-based access, we can give the least required access to the application user. This would also give us the ability to track who made the changes, as the key access is not related to a specific user.

 

Main business value adds are Security and Traceability. 

geva
14-Alexandrite
Understood. Thanks for the clarification.

PTC documentation for this step is found here and is number 3 here:
https://support.ptc.com/help/thingworx/azure_connector_scm/en/#page/thingworx_scm_azure%2Fazure_connector%2Fc_azure_connector_create_azure_entities_in_thingworx.html%23

The approach used with the Connection String for the Primary Key for the Storage account is effectively giving ThingWorx and a user of ThingWorx administrative access to the entire storage account. This would be problematic in the common scenario where customers want to use our IoT Hub Connector to get data into a storage container within their overall Azure Data Lake.
olivierlp
Community Manager
Status changed to: Acknowledged

Hello,
Thank you for your idea and the information provided.

cbaldwin
13-Aquamarine
Status changed to: No Plans to Implement

Thank you for your idea. We have no plans to implement this enhancement in our short or medium term roadmap. We will consider it for a future roadmap.
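
The risk raised in this thread is that an account-key connection string gives access to the whole storage account and is not tied to a user. The following added example (not from the thread or from PTC) audits configuration values to find which ones still embed such a key. The function names and the sample strings are constructed for illustration; only the Azure Storage connection string field names (`AccountName`, `AccountKey`, `SharedAccessSignature`, `BlobEndpoint`) and the SAS query parameters are real.

```python
from urllib.parse import parse_qs

# Constructed sample values; the account name, key and signature are not real.
SAMPLES = {
    "account_key": "DefaultEndpointsProtocol=https;AccountName=examplestore;"
                   "AccountKey=Q09OU1RSVUNURUQ=;EndpointSuffix=core.windows.net",
    "container_sas": "BlobEndpoint=https://examplestore.blob.core.windows.net/;"
                     "SharedAccessSignature=sv=2021-06-08&sr=c&sp=rl"
                     "&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED",
    "endpoint_only": "BlobEndpoint=https://examplestore.blob.core.windows.net/",
}

def parse_connection_string(conn):
    """Split 'Key=Value;...' pairs on the first '=' only (values may contain '=')."""
    fields = {}
    for part in conn.strip().split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields

def classify(conn):
    """Return the credential type a connection string embeds and its reach."""
    fields = parse_connection_string(conn)
    if fields.get("accountkey"):
        # Shared key: access to the whole account, not tied to any user.
        return {"credential": "account-key", "severity": "high",
                "reach": "entire storage account"}
    if fields.get("sharedaccesssignature"):
        sas = parse_qs(fields["sharedaccesssignature"].lstrip("?"))
        kind = "account SAS" if "srt" in sas else "service SAS"
        return {"credential": "sas", "severity": "medium",
                "reach": f"{kind}, permissions={sas.get('sp', ['?'])[0]}, "
                         f"expires={sas.get('se', ['?'])[0]}"}
    # No secret in the string: the caller must authenticate some other way,
    # for example with an identity and a role assignment.
    return {"credential": "none", "severity": "info", "reach": "no embedded secret"}

def audit(settings):
    """Map each setting name to its classification, worst findings first."""
    order = {"high": 0, "medium": 1, "info": 2}
    results = {name: classify(value) for name, value in settings.items()}
    return dict(sorted(results.items(), key=lambda kv: order[kv[1]["severity"]]))

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(f"{name}: {finding}")
```
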