WatchGrid 1.24.0

Version 1.24.0 is the biggest release since we launched the control plane. It closes the gap between WatchGrid and what enterprise operations teams expect from production infrastructure tooling, starting with single sign-on and going all the way down to per-device Raspberry Pi telemetry.

Here’s what’s new.

OIDC single sign-on is now fully supported. If your organisation uses Microsoft Entra ID (formerly Azure AD) or any standard OpenID Connect provider, you can now configure a Login with SSO button directly on the WatchGrid login page.

Everything is configurable from the new System > Users super-admin panel: issuer URL, client ID and secret, button label, claim mapping, default tenant and role assignment, and automatic user provisioning. When a new user signs in via SSO for the first time, WatchGrid can create and link their account automatically, no manual onboarding required.

For teams managing dozens of operators across multiple tenants, this removes an entire category of access management overhead.

Firewall rules that follow your topology

Edge security has always been about more than perimeter protection. In 1.24.0, WatchGrid introduces multi-level firewall rule management, allowing you to define allow and deny rules at the tenant, site, or device scope.

Rules are enforced as iptables entries within the WireGuard mesh, and support:

Protocol: TCP, UDP, ICMP, or any
Source and destination: IP address or CIDR range
Port or port range
Direction: inbound, outbound, or both
Priority ordering and enable/disable toggle

A new System > Firewall page gives you a scoped view with tabs per level, a full rules table, and a create/edit modal. The REST API is available for teams that manage configuration programmatically: GET, POST, PUT, DELETE, and toggle endpoints under /api/firewall/rules.

A cleaner control plane

Two sections that previously lived on the dashboard have been promoted to dedicated pages:

System > Admin Devices: manage WireGuard-enabled admin workstations in one place
System > Pending Approvals: full approve, deny, and profile workflow for new device enrolments

Both pages give you more room to work and make it easier to handle approvals at scale without losing context.

Know exactly where your devices are

The device and cluster detail panels now include a Location tab. From there you can set a name, latitude, longitude, and toggle a location lock directly from the Sites workspace, without leaving your current context.

Devices that don’t yet have a location are no longer invisible on the dashboard map. They now appear as a gray ? marker at a deterministic placeholder position, so you always know what’s enrolled even before it’s been placed.

Raspberry Pi telemetry

If you’re running Raspberry Pi devices in your deployment, WatchGrid now surfaces dedicated Pi telemetry in the Sites device info panel:

CPU temperature
Core voltage
SDRAM voltage

These readings appear under a dedicated Pi Telemetry section, giving you the hardware-level insight you need to catch thermal issues or voltage anomalies before they become failures, especially important for devices deployed in uncontrolled environments like vessels, factory floors, or outdoor enclosures.

Get started

The 1.24.0 update is available now. If you’re on the hosted Trial plan, your environment is already running the latest version. For self-hosted deployments, contact us and we’ll walk you through the upgrade.

Questions or feedback? Reach us at sales@watchgrid.nl.