With the exorbitant growth in the number of connected devices, the lack of proper identity and access management (IAM) mechanisms has become a major concern. The traditional IAM systems, which focus solely on managing people’s digital identities, fail to accommodate billions of Internet of Things (IoT) devices. The emerging concepts such as decentralized identifiers (DIDs) and verifiable credentials (VCs) provide new perspectives on incorporating IAM capabilities into IoT ecosystems. In this paper, we present a decentralized IAM framework for IoT named DIAM-IoT, which is able to create a unified, interoperable, and tamper-proof device identity registry on top of the blockchain by introducing DIDs and VCs into the lifecycle of IoT devices, thereby breaking IoT application silos and unlocking the potential of IoT on a global scale. A proof-of-concept implementation of the DIAM-IoT framework for decentralized and user-centric data authorization demonstrates its feasibility and effectiveness in practice.