Using STM32 MCU to authenticate users on LDAP / Azure Active Directory - Feasibility

SAWICKI Peter 1 Reputation point
2021-11-30T17:23:01.45+00:00

We are using an STM32 with a local GUI. We are planning on connecting this to the Azure IoT Hub. I was wondering what the feasibility would be to connect to a client's Azure Active Directory or LDAP from the local GUI to authenticate their username and password at the local device level. I am using a version of FreeRTOS; most of the examples I see for this are some form of Linux or embedded Windows.

Sander van de Velde 27,051 Reputation points MVP
2021-12-02T14:21:52.193+00:00

    Hello @SAWICKI Peter ,

    Azure IoT supports a wide range of devices, like a Raspberry Pi or VM running a general-purpose operating system like Linux or Windows, or constrained (embedded) devices like an ESP having an MCU.

    Check out this list of SDKs available to start programming.

    Regarding embedded devices, here is a list of SDKs each for its own middleware.

    FreeRTOS is supported too. Here is a list of sample projects.

    As an alternative, I can recommend checking out the nanoFramework, which enables programming in C# for a variety of embedded devices.

    Once you have your device connected to the Azure cloud, especially the IoT Hub, you have a secure channel to communicate two-way, both device-to-cloud and cloud-to-device.

    Device messages can be routed to cloud logic (like an Azure Function) and a response can be sent back to the device using e.g. a Direct method or a Device Twin desired property update.

    Use this channel to connect to AAD/LDAP directly in a secure manner (access to the directory starts within the cloud, no keys or access is 'leaked' to the device).
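The cloud-side half of that flow, as an added example that is neither the answer's nor Azure's code: the handler validates the device-to-cloud message, checks the credentials against the directory, and replies through a twin desired-property patch, so the directory bind credential stays in the cloud and the submitted password is never echoed back. The `bind` and `update_desired` callables, the `authRequest` message schema and the sample message are all assumptions made for this illustration; in an Azure Function they would wrap the LDAP/Entra call and the IoT Hub service SDK.

```python
import json
from typing import Any, Callable, Dict

# Constructed sample device-to-cloud message, as an STM32 could send after the
# operator types a username and password into the local GUI (hypothetical schema).
SAMPLE_BODY = json.dumps({
    "type": "authRequest",
    "requestId": "req-0001",
    "username": "alice",
    "password": "correct horse",
}).encode()


class BadRequest(ValueError):
    """Raised when the device message does not match the expected schema."""


def parse_auth_request(body: bytes) -> Dict[str, str]:
    """Validate the message before any directory call is made (fail early)."""
    try:
        msg = json.loads(body)
    except ValueError as exc:
        raise BadRequest("not JSON") from exc
    if not isinstance(msg, dict) or msg.get("type") != "authRequest":
        raise BadRequest("unexpected message type")
    for field in ("requestId", "username", "password"):
        if not isinstance(msg.get(field), str) or not msg[field]:
            raise BadRequest(f"missing {field}")
    return {k: msg[k] for k in ("requestId", "username", "password")}


def handle_auth_message(device_id: str, body: bytes,
                        bind: Callable[[str, str], bool],
                        update_desired: Callable[[str, Dict[str, Any]], None]) -> Dict[str, Any]:
    """Cloud-side handler for one routed device message.

    `bind(username, password)` is the injected directory check (hypothetical name);
    `update_desired(device_id, patch)` is the injected twin update. Returns the patch
    that was sent, or {} when the message was rejected before any directory call."""
    try:
        req = parse_auth_request(body)
    except BadRequest:
        return {}  # malformed: no directory call, nothing to correlate, so no reply
    try:
        granted = bool(bind(req["username"], req["password"]))
    except Exception:  # directory unreachable or bind error: fail closed
        granted = False
    # The reply carries only the verdict and the correlation id, never the password.
    patch = {"auth": {"requestId": req["requestId"], "user": req["username"], "granted": granted}}
    update_desired(device_id, patch)
    return patch
```

The device side only has to watch its twin for an `auth` desired property whose `requestId` matches the login attempt it sent, which keeps the MCU firmware free of any directory protocol or credential.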