If you want an administrator user to manage the device management component, the access permission of IoT Hub that user requires is the registryReadWrite policy. The backend solution will require the Service connect policy to access the IoT Hub information.

The authentication of the IoT Hub for each endpoint is based on the access policy permission that the incoming request has. Each communication protocol has their own ways to connect or establish a connectivity with the IoT Hub and pass the required information. For example, HTTPS uses a header to send across the shared keys and token details.

These tokens follow the security architecture guidelines for IoT Hub. In the case of IoT devices, the symmetric key stored in the device registry is used for communication, while the IoT solution uses the shared access policy.