Configure Access Management
Before MQTT clients can connect to your broker, configure at least one authentication method. Access management covers authentication (verifying client identity) and authorization (controlling client actions). For more information, see Access Management.
| HiveMQ Cloud brokers support only one active authentication method at a time. Configuring a new authentication method disables the previously configured method. Currently connected clients disconnect and require reconfiguration. |
To open access management settings:
-
Select Connect.
-
Select a broker.
-
Click Configure to view broker details.
-
Switch to Access Management.
Access Management by Plan
The access management options available to you depend on your HiveMQ Cloud plan.
The Serverless plan supports one authentication method, access credentials, and ties one permission directly to each credential.
The Starter plan and Enterprise plan support three authentication methods (access credentials, client certificates, and JSON Web Tokens) and group permissions into roles. On the Starter plan, you assign one or more roles to each credential, client certificate, or JWT.
For more details, see Access Management Options by Cloud Subscription Plan.
| Cloud Enterprise customers have access to Data Intelligence. Cloud Enterprise brokers are provisioned by HiveMQ after a sales purchase. If you have a Cloud Enterprise plan, your broker already appears in Connect. |
Authentication
Configure one of the following authentication methods to allow MQTT clients to connect to your broker:
-
Create Access Credentials (Serverless and Starter plans)
-
Create a Client Certificate (Starter and Enterprise plans)
-
Create a JSON Web Token (Starter and Enterprise plans)
Authorization
After you configure authentication, define the actions that authenticated clients are permitted to perform:
-
Add a Permission (Serverless and Starter plans)
-
Add a Custom Role (Starter and Enterprise plans)