What is this service all about?

Bosch IoT Permissions enables the independent management of users, groups, roles, applications, and tenants – including authentication and authorization. At the same time, operators and companies are fully empowered to manage and monitor all relevant actions and permission allocations in accordance with compliance requirements.

The main scope of Bosch IoT Permissions is to manage the permissions to read, write, or execute operations in an IoT application. Thanks to this fully managed cloud service, users can be organized into groups according to the current structure of a company. This supports a flexible and scalable business organization that can be restructured without the need to involve the IT specialists.
User permissions are derived from roles and group membership. Decisions to give a user access to certain functions are based on the roles that individual users perform as part of an organization. The access management model facilitates comprehensive access control policies; for that, hierarchical groups, default roles, and custom role definitions are provided. This reduces the sources of administrative errors and consequently the cost of secure user administration.
The service provides a RESTful HTTP API, an administrative user interface, user self-service interfaces, and Java client libraries.
[Figure: Schematic setup of an IoT application using the Bosch IoT Permissions service APIs.]

User management

User management addresses the management of user accounts for your application. A user account holds basic user properties such as user name, first name, last name, and email address. Additionally, you can make use of multiple custom user attributes, e.g. birthday or mobile number.
The API provides several ways to authenticate users, as well as a range of self services for users (e.g. registration with customizable email notification). By integrating with an external identity provider such as Bosch eIDP or Google, your application can delegate all authentication requests to the external provider, and still get a local user account at Bosch IoT Permissions, which facilitates additional user data and authorization management.

Authorization management

Build your own IoT application that registers its roles and permissions at Bosch IoT Permissions. In your application, you are free to decide which permission should be checked when a specific functionality is executed, and how to group various permissions into application roles.
Once your roles and permissions are registered at the service, you can empower your users with all necessary permissions. You can directly grant roles to users, or even group your users and assign the roles to the group. Since the groups support hierarchies, even highly sophisticated scenarios can be represented. In case you need to authenticate software tools or end-user devices, you can issue credentials that authorize use of a subset of a user’s permissions.
After authentication, the service provides authorization information, such as the user’s roles and permissions as a JSON Web Token (JWT). This token is used by your application to check for permissions and can also be passed along to other services in a multi-service architecture. Since authenticity can be verified locally without a remote request, authorization checks can be executed efficiently on the token.

Tenant management

The multitenancy principle is fully implemented by Bosch IoT Permissions. All entities belong to one tenant, so that data and services of different tenants remain strictly separate. Each tenant is empowered to manage its own users, groups, and roles. The service also supports you in developing a multitenant application for your business customers: each of your customers can be managed as a tenant of its own. In your application, you need to ensure that the application is shared with each customer and that each customer can only manage its own application data.
Tenant management provides a model and an API to implement this. Additionally, it allows controlled sharing of application data between tenants.
  • Sharing an application – Offering an application as a service to a tenant.
    Provider tenants can offer other tenants access to their applications. Each receiving tenant works on his or her own data that results from using the application.
  • Sharing data – Using an application with another tenant’s data.
    Provider tenants can also offer access to the application and their own data. The receiving tenant can act transparently on behalf of the provider.
The service API allows for setting up and managing these cross-tenant access scenarios via the tenant relations concept.

How can I make use of Bosch IoT Permissions?

Bosch IoT Permissions is available as a fully managed, shared service in the Bosch IoT Cloud.
Alpha available via Amazon Web Services.

Service plans at a glance

Bosch IoT Permissions provides progressive service plans. Any additional capacity is granted in a usage-based pricing model.

                                  Free      Starter   Standard
  User Management                 yes       yes       yes
  Authorization Management        yes       yes       yes
  Tenant Management               yes       -         yes
  Included Users                  10        500       10,000
  Included Tenants                5         1         20
  Possibility to increase volume  -         yes       yes

Need more information?

Contact our IoT platform experts