authentication_features - mqtt/mqtt.org GitHub Wiki

MQTT v3.1 has username/password support at the API level, so you can ensure only authenticated users connect.

If you are using a tunneling protocol to provide communications security for your MQTT system, you may also be able to leverage this to limit IP access to the MQTT server to those clients that are authenticated to the tunneling protocol.