Configure Access Management

Before MQTT clients can connect to your broker, configure at least one authentication method. Access management covers authentication (verifying client identity) and authorization (controlling client actions). For more information, see Access Management.

HiveMQ Cloud brokers support only one active authentication method at a time. Configuring a new authentication method disables the previously configured method. Currently connected clients disconnect and require reconfiguration.

To open access management settings:

  1. Select Connect.

  2. Select a broker.

  3. Click Configure to view broker details.

  4. Switch to Access Management.

Access Management by Plan

The access management options available to you depend on your HiveMQ Cloud plan.

The Serverless plan supports one authentication method, access credentials, and ties one permission directly to each credential.

The Starter plan and Enterprise plan support three authentication methods (access credentials, client certificates, and JSON Web Tokens) and group permissions into roles. On the Starter plan, you assign one or more roles to each credential, client certificate, or JWT.

Cloud Enterprise customers have access to Data Intelligence. Cloud Enterprise brokers are provisioned by HiveMQ after a sales purchase. If you have a Cloud Enterprise plan, your broker already appears in Connect.

Authentication

Configure one of the following authentication methods to allow MQTT clients to connect to your broker:

Authorization

After you configure authentication, define the actions that authenticated clients are permitted to perform: