Set Up Enterprise SSO

Enterprise SSO lets your team authenticate with the HiveMQ Platform through your organization’s identity provider (IdP).

For background on how Enterprise SSO works, see Enterprise Single Sign-On.

Enterprise SSO requires activation by HiveMQ before you begin. Only the organization Owner can request activation and configure SSO connections.

Before You Begin

  • Confirm you have the Owner role in your HiveMQ organization.

  • Identify the corporate email domains to include in the SSO connection.

  • Identify the administrator who manages your organization’s identity provider.

Step 1: Request SSO Activation

  1. Contact the HiveMQ Cloud support team at cloud@hivemq.com or your Technical Account Manager (TAM) to request Enterprise SSO activation.

  2. In your request, list the corporate email domains to use for Home Realm Discovery.

    For example: company.com, subsidiary.company.com.

HiveMQ activates Enterprise SSO for your organization and confirms when it is ready.

Step 2: Verify That SSO Is Enabled

  1. Log in to the HiveMQ Platform and open the Organization page.

  2. Confirm that the Enterprise Connections area is visible.

If the Enterprise Connections area does not appear, contact your HiveMQ account team.

Step 3: Create an Enterprise Connection

  1. In the Enterprise Connections area, click Create New Connection.

  2. In Connection Name, enter a descriptive name for the connection.

    The name must be at least five characters long.

  3. In Domains, select one or more domains from the list.

    The list shows the domains you submitted in your activation request.

  4. Click Create Ticket to generate the Self-Service SSO ticket URL.

The ticket URL appears in the Enterprise Connections area.

Step 4: Configure Your Identity Provider

  1. Copy the Self-Service SSO ticket URL from the Enterprise Connections area.

  2. Send the URL to the administrator who manages your corporate identity provider.

  3. The administrator opens the URL in a browser to launch the SSO setup assistant.

  4. The setup assistant guides the administrator through the following steps:

    1. Enter the IdP metadata.

      The assistant provides specific instructions for common providers such as Okta, Azure AD, and other SAML or OIDC-based systems.

    2. Submit and verify the IdP details.

When the administrator submits verified IdP details, the connection becomes active automatically.

Step 5: Verify the Login Experience

  1. Open the HiveMQ Platform login page.

  2. Enter a corporate email address with one of the configured domains.

  3. Confirm that HiveMQ redirects to your identity provider for authentication.

  4. After successful authentication, confirm that you return to the HiveMQ Platform with an active session.

Next Steps

  • To manage team membership through your identity provider, see Enterprise Single Sign-On.

  • To add new team members, provision them in your identity provider (direct invitations are disabled when SSO is active).

  • To return to the account setup path, see Set Up Your HiveMQ Account.