Connhex IAM is a service that manages identities and permissions in Connhex Cloud.


This introduction discusses low-level IAM concepts. For practical abstractions that are enough for most applications, see here and here.

Use cases

Connhex IAM can be used any time you need logic that assigns permissions to an entity or enforces them. In practice, the vast majority of the services that make up Connhex Cloud integrate with Connhex IAM.

Key concepts

There are a few definitions that are instrumental in understanding Connhex IAM.

An identity is an entity, represented by a unique ID, that can authenticate and access Connhex. An example of an identity is a user account: it is represented by a unique identifier (e.g. email address, social ID, ...) that can be used to get access to Connhex.

Actions are operations an identity can perform on a resource. Typical actions are creating, reading, updating and deleting resources.

A resource is something upon which actions can be performed. It shouldn't be confused with a Connhex Resource: the IAM resource is much more general. The prime example of a resource is a device.

A policy is a set of rules that dictates how a given software entity behaves. It describes what actions can be performed on a resource by an identity. For example, it specifies that a user can read and update a set of devices but can't create new ones.

Why policies?

These concepts might seem cumbersome: why shouldn't you just use any user management strategy that comes straight out of the box with any IoT platform?

This is another example of how Connhex is different. In real production use cases, users can't all be managed the same way. You'll always have that particular customer who needs slightly different behaviour: instead of hard-coding an if statement to handle it, Connhex gives you all the tools necessary to meet that customer's needs.

Because we all know that one simple and reasonable exception quickly becomes two, then three, then "we need to rewrite this from scratch".
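The policy example from the key concepts (a user who can read and update a set of devices but can't create new ones) and the per-customer exception described in this section, modelled as data with a default-deny check. This is an added illustration, not Connhex code: the `Policy` shape, the `devices:plant-a:*` resource naming and the e-mail identities are assumptions, and Connhex IAM's real policy format is not shown on this page.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Hypothetical policy model for illustration; not Connhex IAM's schema or API.
@dataclass(frozen=True)
class Policy:
    name: str
    identities: frozenset  # identity IDs the policy applies to
    actions: frozenset     # operations granted, e.g. {"read", "update"}
    resources: tuple       # resource patterns, e.g. "devices:plant-a:*"

def authorize(policies, identity: str, action: str, resource: str) -> Optional[str]:
    """Return the name of the policy that grants the request, or None.

    Nothing is allowed unless some policy grants it (default deny), and the
    returned name tells an auditor which rule was responsible.
    """
    for p in policies:
        if identity not in p.identities:
            continue
        if action not in p.actions:
            continue
        if any(fnmatchcase(resource, pattern) for pattern in p.resources):
            return p.name
    return None

def is_allowed(policies, identity: str, action: str, resource: str) -> bool:
    return authorize(policies, identity, action, resource) is not None

# Constructed sample data.
POLICIES = [
    # Baseline: read and update a set of devices, no "create".
    Policy("plant-a-operators",
           frozenset({"alice@example.com", "bob@example.com"}),
           frozenset({"read", "update"}),
           ("devices:plant-a:*",)),
    # The "particular customer" exception: one more policy, no if statement
    # added to application code.
    Policy("bob-can-provision",
           frozenset({"bob@example.com"}),
           frozenset({"create"}),
           ("devices:plant-a:*",)),
]

if __name__ == "__main__":
    for who in ("alice@example.com", "bob@example.com"):
        for action in ("read", "update", "create"):
            print(who, action, authorize(POLICIES, who, action, "devices:plant-a:sensor-1"))
```

Removing the second policy revokes the exception without touching `authorize`, which is the property the hard-coded if statement lacks.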