Client authentication
Azure Event Grid's MQTT broker supports the following authentication modes.
- Certificate-based authentication
- Microsoft Entra ID authentication
- Custom JWT authentication
Certificate-based authentication
You can use Certificate Authority (CA) signed certificates or self-signed certificates to authenticate clients. For more information, see MQTT Client authentication using certificates.
Microsoft Entra ID authentication
You can authenticate MQTT clients with Microsoft Entra JWT to connect to Event Grid namespace. You can use Azure role-based access control (Azure RBAC) to enable MQTT clients, with Microsoft Entra identity, to publish or subscribe access to specific topic spaces. For more information, see Microsoft Entra JWT authentication and Azure RBAC authorization to publish or subscribe MQTT messages.
Custom JWT authentication
You can authenticate MQTT clients using JSON Web Tokens (JWT) issued by any third-party OpenID Connect (OIDC) identity provider. This authentication method provides a lightweight, secure, and flexible option for MQTT clients that aren't provisioned in Azure. For more information, see authenticate client using custom JWT
Related content
- Learn how to authenticate clients using certificate chain
- Learn how to authenticate client using Microsoft Entra ID token
- Learn how to authenticate client using custom JWT
- See Transport layer security with MQTT broker