Based on identities retrieved from XYZ certificates. Multiple clients per organization are authorized to consume the service at a given point in time. If a connection to the broker (rather than login request) is attempted by a client application while another one (from the same organization) is already established, the connection (or login request) will be refused.