Available since TBMQ Version 2.0
TBMQ provides a dedicated Settings page that allows administrators to manage key system configurations directly from the user interface. The Settings page is divided into three tabs, each focused on a specific category of system configuration.
Security settings
Configure the execution order of MQTT authentication providers, controlling the priority in which client credentials are validated. Define broker user password policies, including password strength requirements, expiration settings, and reuse restrictions to enforce strong account security.
MQTT Authentication
This section currently has a single parameter, Authentication Execution Order. It defines the order in which the broker consults authentication providers to validate MQTT client authentication.
Key rules:
- Disabled providers will be skipped in the authentication flow.
- The authentication flow stops at the first successful result or after evaluation of all enabled providers.
- If all providers are disabled, the client will be authenticated without MQTT client credentials validation.
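The three key rules above, modelled as an added example (this is not TBMQ's code). The provider names, the `validate` callbacks and the sample credentials are hypothetical; `auditProviders` is an added check for the case where every provider is disabled and the broker accepts any client.

```javascript
// Added example: a model of the Authentication Execution Order rules, not TBMQ source.
// Provider names, validate() callbacks and credentials below are constructed.

function authenticate(orderedProviders, credentials) {
  const tried = [];
  for (const provider of orderedProviders) {
    if (!provider.enabled) continue;          // rule 1: disabled providers are skipped
    tried.push(provider.name);
    if (provider.validate(credentials)) {     // rule 2: stop at the first success
      return { allowed: true, by: provider.name, tried };
    }
  }
  if (tried.length === 0) {
    // rule 3: nothing is enabled, so the client is accepted without validation
    return { allowed: true, by: null, tried };
  }
  return { allowed: false, by: null, tried }; // every enabled provider rejected
}

// Audit helper: flag an execution order that would accept any client.
function auditProviders(orderedProviders) {
  const enabled = orderedProviders.filter((p) => p.enabled).map((p) => p.name);
  if (enabled.length === 0) {
    return { ok: false, finding: 'all providers disabled: clients connect without credential validation' };
  }
  return { ok: true, effectiveOrder: enabled };
}

// Constructed sample configuration: X_509 is first in the order but disabled.
const sampleOrder = [
  { name: 'X_509', enabled: false, validate: (c) => Boolean(c.clientCert) },
  { name: 'BASIC', enabled: true,
    validate: (c) => c.username === 'sensor-1' && c.password === 'constructed-secret' },
  { name: 'JWT', enabled: true, validate: (c) => c.password === 'constructed.jwt.token' },
];

console.log(authenticate(sampleOrder, { username: 'sensor-1', password: 'constructed-secret' }));
console.log(auditProviders(sampleOrder.map((p) => ({ ...p, enabled: false }))));
```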
Password policy
Users log into TBMQ with an email and password. You can enhance the security of your account by updating your security settings, including the password policy.
For example, you can increase the minimum password length, require a mix of uppercase and lowercase letters, and specify the minimum number of digits and special characters. Additionally, you can set a password expiration period to ensure that passwords are updated regularly.
These measures will help ensure stronger and more secure passwords, thereby promoting better overall account security.
The password policy sets the rules that passwords for the TBMQ users must meet. You can specify the following options to ensure stronger security:
- Minimum password length - the parameter determines the minimum number of characters in the password. Minimum password length should be in a range from 6 to 50 and is the only required field.
- Maximum password length - the parameter determines the maximum number of characters in the password. Maximum password length should be greater than minimum length.
- Minimum number of uppercase letters - set the minimum number of uppercase letters in the password.
- Minimum number of lowercase letters - set the minimum number of lowercase letters in the password.
- Minimum number of digits - specify the minimum number of digits in the password.
- Minimum number of special characters - specify the minimum number of special characters in the password.
- Password expiration period in days - force expiration of the password. After the password expires, TBMQ will require the user to change it. This ensures users regularly update their passwords.
- Password reuse frequency in days - disallow reuse of the same password for the defined number of days. For example, if the Password reuse frequency is set to 90 days, users will not be able to reuse any of their previous passwords for 90 days after changing their password.
- Allow whitespace - if the checkbox is checked, spaces are allowed in the password.
- Force to reset password if not valid - users with a password that fails the validation will need to reset their password via email. Please be careful when enabling this feature: it will require users with an invalid password to reset their password via email.
After configuring the desired password policy settings, apply the changes by pressing the “Save” button.
When the password policy is updated, new users will be required to adhere to the new password rules. Note that if you have enabled the Force to reset password if not valid option, all users (not only new ones) who do not meet the new requirements will be forced to update their passwords.
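The composition rules from the option list above, as an added example that is not TBMQ's code. The field names are hypothetical, "special character" is assumed to mean anything that is not a letter, digit or whitespace, and the check that the per-class minimums fit inside the maximum length is an added consistency check rather than documented TBMQ behaviour. Expiration and reuse rules are not modelled.

```javascript
// Added example, not TBMQ code. Field names are hypothetical.
// Assumption: "special" = any character that is not a letter, digit or whitespace.

// Sanity-check the policy itself before saving it.
function checkPolicy(p) {
  const errors = [];
  if (!Number.isInteger(p.minLength) || p.minLength < 6 || p.minLength > 50) {
    errors.push('minLength must be an integer from 6 to 50');
  }
  if (p.maxLength != null && p.maxLength <= p.minLength) {
    errors.push('maxLength must be greater than minLength');
  }
  // Added consistency check: the per-class minimums must fit inside maxLength,
  // otherwise no password can ever satisfy the policy.
  const required = (p.minUppercase || 0) + (p.minLowercase || 0) +
                   (p.minDigits || 0) + (p.minSpecial || 0);
  if (p.maxLength != null && required > p.maxLength) {
    errors.push('character-class minimums exceed maxLength');
  }
  return errors;
}

const count = (s, re) => (s.match(re) || []).length;

// Return the names of the policy fields a candidate password violates.
function validatePassword(pw, p) {
  const failed = [];
  const length = [...pw].length; // count code points, not UTF-16 units
  if (length < p.minLength) failed.push('minLength');
  if (p.maxLength != null && length > p.maxLength) failed.push('maxLength');
  if (count(pw, /\p{Lu}/gu) < (p.minUppercase || 0)) failed.push('minUppercase');
  if (count(pw, /\p{Ll}/gu) < (p.minLowercase || 0)) failed.push('minLowercase');
  if (count(pw, /\p{Nd}/gu) < (p.minDigits || 0)) failed.push('minDigits');
  if (count(pw, /[^\p{L}\p{N}\s]/gu) < (p.minSpecial || 0)) failed.push('minSpecial');
  if (!p.allowWhitespace && /\s/u.test(pw)) failed.push('allowWhitespace');
  return failed;
}

// Constructed sample policy and passwords.
const samplePolicy = { minLength: 10, maxLength: 64, minUppercase: 1,
  minLowercase: 1, minDigits: 2, minSpecial: 1, allowWhitespace: false };
console.log(checkPolicy(samplePolicy));
console.log(validatePassword('Tr4ctor-Beam9', samplePolicy));
console.log(validatePassword('short1', samplePolicy));
```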
Change password
To change your account password to comply with the new requirements, you should follow these steps:
- Open account settings by clicking on the menu icon in the top right corner and select ‘Account’.
- Click on the ‘Security’ tab.
- Change the password according to the new rules.
- Click ‘Change password’.
General settings
Define global MQTT connectivity settings used across the TBMQ UI (such as default host and port values) and configure WebSocket client behavior, including activity logging options and message retention limits for the in-browser message table.
Connectivity
On the Connectivity Settings page, you can override the default host and port for the following protocols:
- MQTT. The TCP listener port for plain MQTT connections.
- MQTTS. The SSL/TLS port for secure MQTT connections.
- WS. The WebSocket listener port for MQTT over WebSockets.
- WSS. The secure WebSocket listener port for MQTT over secure WebSockets.
Host refers to the hostname or IP address the server binds to. The default host for the UI is window.location.hostname, which dynamically uses the hostname of the web page’s URL.
| Protocol | Default Port | Port Variable | Bind Address Variable | 
|---|---|---|---|
| MQTT | 1883 | LISTENER_TCP_BIND_PORT | LISTENER_TCP_BIND_ADDRESS | 
| MQTTS | 8883 | LISTENER_SSL_BIND_PORT | LISTENER_SSL_BIND_ADDRESS | 
| WS | 8084 | LISTENER_WS_BIND_PORT | LISTENER_WS_BIND_ADDRESS | 
| WSS | 8085 | LISTENER_WSS_BIND_PORT | LISTENER_WSS_BIND_ADDRESS | 
These custom values will be used in various parts of the TBMQ application where protocol-specific connectivity is required. Here are two key examples:
- Check connectivity window. Uses the MQTT connectivity settings to generate commands with custom host and port.
- Add WebSocket Connection window. Uses the WS connectivity settings to auto-generate a WebSocket connection URL address with a custom host and port.
WebSocket client
In this section, you can configure additional settings related to the WebSocket Client - a browser-accessible tool that provides management of MQTT clients, subscription to topics, receiving messages, and publishing messages.
- The Log MQTT client activity feature can help with debugging connection issues and monitoring message flows by providing real-time client activity logs. If set to true, you will see logs for the following MQTT.js events in the browser developer console:
    - Connect. Triggered when a client successfully connects to the broker.
    - Disconnect. Triggered when a client disconnects from the broker.
    - Reconnect. Triggered when a client attempts to reconnect after a disconnection.
    - Message. Triggered when a message is received by the client.
    - Error. Triggered when an error occurs during communication.
    - End. Triggered when the client ends the connection gracefully.
    - Close. Triggered when the connection is closed by the client or broker.
    - Packet receive. Triggered when a packet is received from the broker.
    - Packet send. Triggered when a packet is sent to the broker.
    - Offline. Triggered when the client goes offline.
    - Outgoing empty. Triggered when all outgoing messages have been sent.
- The Maximum messages in WebSocket Client table setting allows you to control the limit of messages per WebSocket connection to be persisted in the browser’s memory.
Mail server settings
Please refer to the ThingsBoard docs Mail Settings to configure the SMTP server that is used to reset a user’s password.
