HiveMQ Enterprise Security Extension

The HiveMQ Enterprise Security Extension (ESE) expands the role, user, and permission-management capabilities of HiveMQ Enterprise and Professional editions. ESE allows you to use different sources of external authentication and authorization data to authenticate and authorize MQTT clients. In the ESE, you define realms to partition your server into protected areas that can each have their own authentication and / or authorization scheme.

The ESE processes incoming client connections in highly configurable pipelines that offer customizable stages to handle the authentication and authorization of your clients.

HiveMQ Enterprise Security Extension Architecture

If you are unfamiliar with MQTT and HiveMQ security concepts, we highly recommend our MQTT Security Fundamentals blog series.

Features of HiveMQ Enterprise Security Extension

Full support for authentication and authorization via SQL databases.
Full support for authentication and authorization via files.
Full support for OAuth 2.0 authentication for MQTT and REST API listeners via JSON Web Tokens.
Configurable client certificate revocation check for MQTT and WebSocket listeners.
Dynamic permission placeholders to individualize topic permissions on a per-client basis.
Ability to implement sophisticated custom logic for authentication over LDAP (Lightweight Directory Access Protocol).
Detailed access log to help you monitor data and keep track of potential security breaches.
Access control including role-based access control (RBAC) for the HiveMQ Control Center (ESE version 1.2.0 and higher).
Preprocessing for the extraction of authentication and authorization information from X.509 certificates and HTTP headers.
Fine-grained access control for the HiveMQ REST API.

Requirements

A running HiveMQ Professional or Enterprise Edition installation (versions 4.1.0 and higher).
A valid license for the HiveMQ Enterprise Security Extension.

If you do not provide a valid license, HiveMQ uses a free trial license automatically.
Trial licenses for HiveMQ Enterprise Extensions are valid for 5 hours. For more license information or to request an extended evaluation license, please contact HiveMQ sales.

For step-by-step installation information, see HiveMQ Enterprise Security Extension (ESE) Start Up Guide.