Midaz Console does not include native access control. However, if you need to manage users, permissions, and roles, you’ll need to acquire the Access Manager plugin, a paid feature available exclusively to Enterprise clients.” Access Manager brings a robust, centralized RBAC (Role-Based Access Control) system to the table, designed to scale with your team and simplify complex permission setups.
Need this feature? Access Manager is available as part of the Enterprise model. If you’d like to learn more or evaluate it for your use case, get in touch with our team.

Why Access Manager?

Access Manager replaces the Console’s legacy access control with a modern, API-driven model backed by a centralized Identity Provider. It’s built for teams that need clarity, consistency, and control over who can access what. Each Enterprise environment is single-tenant, which means your access rules are isolated and secure by design. The Identity Provider takes care of:
  • User authorization.
  • Role and group management.
  • Seamless integration between UI and API.

Our access goals

  • Centralize authentication and authorization.
  • Make it easy to manage users and permissions through a consistent interface.
  • Support role-based access (RBAC) for real-world team structures.
  • Provide a scalable solution for fast-growing teams.

Role-Based Access Model (RBAC)

Once Access Manager is activated, you can assign default roles to users. Each role defines what that user can do inside the Console:
RoleDescriptionPermissions
AdminFull system administratorComplete access to all features, settings, and resources—including user and role management.
EditorContent and settings managerCan modify content and update configurations within assigned areas, but doesn’t have full admin rights.
ContributorTask and content collaboratorCan create and contribute content or perform specific actions, but cannot change core settings.
ViewerRead-only userCan view data and system content but can’t make changes. Ideal for audits or monitoring.
Custom roles and permission definitions are not available in v1. Access is managed only through the default role set.

Enabling Access Manager

After installing the Access Manager plugin, you must enable it for it to function properly. This means updating the Auth variables in the .env files of Midaz Ledger, Midaz Console, or any plugin where you want to use Access Manager. Your configuration should look like this: 
# AUTH CONFIGS
PLUGIN_AUTH_ENABLED=true
PLUGIN_AUTH_HOST=http://plugin-auth:4000

Where to update

You’ll find the relevant .env files in these locations:
  • Midaz Ledger and Midaz Console
    • /midaz/components/onboarding
    • /midaz/components/transaction
    • /midaz/components/console
  • Other plugins
    • The .env file should be in the root directory of the plugin.
Can’t see the files? Try adjusting your system settings to show hidden files since.env files are often hidden by default.

Rebuild after changes

After updating the environment, rebuild your Docker images to apply the changes:
1

In your terminal, go to the root of your Midaz project.
2

If Docker is running, stop it:
make down
3

Then rebuild everything:
make rebuild-up

Accessing Midaz Console

After you enable the Access Manager plugin, the login page will appear when you access Midaz Console (Figure 1).

Figure 1. The Midaz Console login page.

First login

The first time you log in, you must log in as an administrator. To do so, use the default credentials:
  • Email: admin@midaz.tech
  • Password: Lerian@123
After logging in, you’ll go through the Onboarding flow. Once that’s done, you can create the users your Organization needs. These users will use their credentials to access Midaz Console.
Don’t forget to update the admin password after your first login. It’s a simple step that helps keep your environment secure.