DEVBRIDGE.

In Development — Version 1.0

Control Plane.

Enterprise governance for centralised access control, policy management, and compliance visibility.

IS.

  • A centralised policy management platform
  • An access control layer for multi-tenant environments
  • A compliance visibility dashboard for security teams
  • A governance interface that non-technical teams can use

IS NOT.

  • A VPN or network perimeter tool
  • A SIEM or log aggregation platform
  • A replacement for your identity provider
  • A tool that requires a dedicated security engineer to operate

Architecture.

01
Presentation Layer

React-based dashboard. Role-contextual views — administrators see full policy trees; end users see only their entitlements. Zero-friction onboarding with guided setup flows.

02
API Gateway

Rate-limited, authenticated REST API. JWT-based session management with refresh token rotation. All requests logged to immutable audit trail.

03
Application Layer

Django core with policy evaluation engine, permission resolver, and compliance rule processor. Stateless — scales horizontally without session affinity.

04
Integration Layer

Bidirectional sync with identity providers (Phase 1: Azure AD, Okta; Phase 2: LDAP, Google Workspace). Webhook notifications for policy change events.

05
Data Layer

PostgreSQL with row-level security. Encrypted at rest (AES-256). Automated daily backups with point-in-time recovery. Audit logs write-once via append-only table.

Security.

Standard
AuthenticationUsername + Password
MFAOptional TOTP
Session8h rolling
Audit Log90 days
EncryptionTLS 1.2+
Enhanced
AuthenticationSSO via Provider
MFARequired TOTP/FIDO2
Session4h with reauth
Audit Log1 year
EncryptionTLS 1.3 + AES-256
Government
AuthenticationMFA Required + SSO
MFAHardware Key (FIDO2)
Session2h, re-auth on elevation
Audit Log5 years, immutable
EncryptionTLS 1.3 + FIPS 140-2

Components.

01
Policy Engine

Define, version, and enforce access policies across your entire application surface. Supports RBAC and ABAC models. Policy changes are versioned with full diff history and roll-back capability.

02
Access Control

Fine-grained permissions at the resource level. Grant access to specific data sets, functions, or UI surfaces — not just application-level roles. Sync with your IdP or manage natively.

03
Audit & Compliance

Tamper-proof audit log of every access event, policy change, and administrative action. Export to your SIEM or query directly. Compliance reports generated automatically for common frameworks.

04
Resource Governance

Tag, classify, and apply governance rules to any resource in your environment. Set retention policies, data classification levels, and lifecycle rules — tracked and enforced automatically.

Deployment.

Recommended

SaaS

Managed by DevBridge on AWS. Zero infrastructure overhead. Automatic updates, monitoring, and backups. SOC 2 compliance in progress. Best for organisations without dedicated infrastructure teams.

Private Cloud

Deployed to your own AWS account using our Terraform modules. Full data sovereignty. You own the infrastructure, we provide the software and support. Suitable for organisations with existing AWS spend.

On-Premise

Docker-based deployment to your own data centre. For environments where cloud connectivity is restricted by policy. Requires dedicated infrastructure team. Contact us for hardware specifications.

Integrations.

Identity Providers
Phase 1 — Launch
Azure Active Directory
Okta
Google Workspace
Phase 2 — Q2
LDAP / Active Directory
SAML 2.0 Generic
Custom OAuth 2.0
Storage & Data
Phase 1 — Launch
AWS S3
PostgreSQL
MySQL / MariaDB
Phase 2 — Q3
Azure Blob Storage
Google Cloud Storage
MongoDB Atlas
Phase 3 — Q4
Snowflake
Databricks
Custom connectors via API