Self-Registering MQTT Clients

Simple self-registration for MQTT clients with username and password.

The MQTT client self-registration via authentication attempt process allows you to securely add new MQTT clients to Connectware via self-registration without having to handle passwords manually. This method works with any standard MQTT client and requires minimal configuration because clients generate their own passwords during registration.

New users created through this process have no permissions by default. Administrators must explicitly assign appropriate permissions after registration is complete.

For registering clients including additional information, such as context details, role requests, permission specifications, and certificate signing requests (CSRs), in their registration payload, see Client Self-Registration via REST API.

The username must follow the Connectware username requirements. The password must be at least five characters long or must adhere to the Password Policy Configuration.

Registration Workflow

The MQTT client self-registration process via authentication attempt follows these steps:

The Connectware administrator unlocks the Client Registry from the Client Registry View.
An MQTT client attempts to connect using credentials for a non-existent user.
Connectware logs the attempt, rejects the request, and creates a pending registration entry.
The administrator reviews and approves the registration in the Client Registry View.
Connectware creates a user with the provided credentials.
The administrator assigns roles or permissions to the new user.
The MQTT client reconnects with the same credentials and successfully authenticates.

Initiating the Self-Registration (MQTT Client)

This section is for MQTT clients that want to initiate the self-registration.

Prerequisite

The Client Registry must be unlocked by a Connectware administrator.

Initiating the Self-Registration

To initiate the self-registration, the MQTT client must attempt to connect using basic authentication (username/password).

Example

mosquitto_pub -h <connectware-host> -p 1883 -u "<username>" -P "<password>" -i "<client-id>" -t "devices/sensor3/data" -m "temperature"

Once the request is initiated

The MQTT client receives an authentication error.
Connectware logs the credentials as a pending registration.
A Connectware admin must now review and approve the request.
After approval, the MQTT client retries with the same credentials and successfully connects.

Client access is limited until the administrator assigns roles or specific permissions.

Approving Self-Registration Requests (Admin)

This section is for Connectware admins that want to approve a self-registration request.

After an MQTT client attempts registration, the Connectware admin must approve the request before the client can access the system.

Approving Self-Registration Requests via REST API

To approve self-registration requests via REST API, refer to the Confirm a single authentication request parameter documented in the Auth Server API Reference.

Approving Self-Registration Requests via Admin UI

To approve the self-registration requests via the Admin UI, do as follows:

In the Client Registry View, click the Unlock button to temporarily unlock the self-registration. The registry will remain open for five minutes and will automatically lock again after this period. You can manually lock the registry by clicking the Lock button.

Locate the pending registration request in the registry table.

Click the request to open the Grant Access dialog.
Review the request details and click Allow to approve registration.

In the navigation panel, click User and confirm that the new user appears in the list.
Assign appropriate roles or permissions. For more information, see Adding Roles to Users.

PreviousClient Registry NextSelf-Registering Clients via REST API

Last updated 1 month ago

Was this helpful?