TLS client certificate

TLS provides two things: encryption and identity. They are separate.

If you have no client certificate, the connection is still encrypted, but anyone can connect.

If you have a client certificate, the connection is encrypted and you know that the client is using a certificate you gave them - giving some identity. If everyone has the SAME client certificate, then if you want to stop them from connecting, you stop everyone. If everyone has a DIFFERENT client certificate, then you can stop only that single client from being able to connect.

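The per-client case described in the post, as an added example that is not part of the original post: a throwaway CA issues a separate certificate to each of two clients, and the server-side check accepts a certificate only if it chains to that CA and its SHA-256 fingerprint is still on an allowlist. The names `Demo CA`, `alice`, `bob` and `allowlist.txt` are constructed for the demo, and `is_allowed` stands in for the check a TLS server would run on the certificate presented in the handshake.

```shell
#!/bin/sh
# Added example: one certificate per client, so one client can be cut off alone.
# Assumptions: openssl CLI is installed; all names below are constructed.
set -e
work=$(mktemp -d)
cd "$work"

# 1. A private CA that signs the client certificates.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout ca.key -out ca.pem 2>/dev/null

# 2. Issue a DIFFERENT key pair and certificate to the named client.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# SHA-256 fingerprint of a certificate, as colon-separated hex.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# 3. Server-side decision: the certificate must chain to our CA AND
#    its fingerprint must still be on the allowlist.
is_allowed() {
    openssl verify -CAfile ca.pem "$1" >/dev/null 2>&1 || return 1
    grep -qxF "$(fingerprint "$1")" allowlist.txt
}

# 4. Stop one client: drop only that certificate's fingerprint.
block() {
    fp=$(fingerprint "$1")
    grep -vxF "$fp" allowlist.txt > allowlist.tmp || true
    mv allowlist.tmp allowlist.txt
}

issue alice
issue bob
fingerprint alice.pem >  allowlist.txt
fingerprint bob.pem   >> allowlist.txt
```

Calling `block alice.pem` makes `is_allowed alice.pem` fail while `is_allowed bob.pem` still succeeds; with one shared certificate the allowlist would have a single entry and removing it would lock out every client.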