188 Request a demo Download
Request a demo Download Star on GitHub · 188
BridgeLink plugin

Advanced Access Control

Role-based access control with built-in multi-factor authentication.

User guide Request a demo

Why it matters

Control who can do what.

As your team grows, managing permissions one user at a time becomes error-prone and hard to audit. Advanced Access Control lets you define reusable roles with granular, per-feature permissions and assign them to users, so everyone has exactly the access they need and nothing more. Paired with multi-factor authentication, it gives you a clear, enforceable security model across both the BridgeLink interface and its API.

Capabilities

What it does.

Reusable roles

Define named roles like Administrator, Support, or Interface Engineer and assign them to users, instead of managing permissions one user at a time.

Per-feature permissions

Set a permission level for every feature area in BridgeLink, so each role sees and does exactly what it should.

Multi-factor authentication

Add time-based MFA with an authenticator app and QR-code enrollment, bundled with the plugin.

Enforced everywhere

Permissions are applied consistently across the BridgeLink interface, with safe defaults when no role is assigned.

How it works

Get started in minutes.

  1. 1

    Create roles

    Define roles like Administrator, Support, or Interface Engineer, each with a description of its purpose.

  2. 2

    Set per-feature permissions

    For every feature area, choose Editor, View, or No Permission. Start from a baseline with the bulk-set buttons, then fine-tune.

  3. 3

    Assign roles to users

    Pick a role for each user on the User Configuration tab. Their interface updates to match on the next login.

  4. 4

    Turn on MFA

    Enable multi-factor authentication per user. They enroll a TOTP authenticator app once, then enter a one-time code at every login.

Requirements

What you'll need.

  • A valid license: Access Control is part of the BridgeLink commercial security suite, bundled with MFA
  • BridgeLink with administrator access
  • A TOTP authenticator app for any user with MFA enabled (Google Authenticator, Microsoft Authenticator, Authy, and similar)
  • A separate non-MFA service account for any REST API integrations

FAQ

Frequently asked questions.

How are permissions enforced?

At two levels. Restricted features are removed from the interface entirely, and the server also gates every API call, so users cannot reach restricted areas even through the REST API.

What happens if a user has no role?

A user with No Role keeps full access. Assign every user a role, and always keep at least one user with full Editor access, including Access Control, so you cannot lock yourself out.

Does MFA work with my authenticator app?

Yes. MFA is compatible with any TOTP-based app, including Google Authenticator, Microsoft Authenticator, Authy, and 1Password.

Does enabling MFA affect API access?

Yes. Accounts with MFA enabled cannot authenticate against the BridgeLink REST API, so use a separate service account without MFA for API integrations.

Can a user reset MFA if they lose their device?

An administrator can reset it from the User Configuration tab. The user enrolls again with a new secret key the next time MFA is enabled.

Availability

Part of the BridgeLink commercial security suite, bundled with multi-factor authentication. Requires a valid license to activate.

Add Advanced Access Control to BridgeLink.

Talk to us about your deployment, or read the full user guide to get started.

Request a demo User guide