diff --git a/src/ScadaLink.CentralUI/Components/Forms/OpcUaEndpointEditor.razor b/src/ScadaLink.CentralUI/Components/Forms/OpcUaEndpointEditor.razor
index c2d2baa..e78e4fc 100644
--- a/src/ScadaLink.CentralUI/Components/Forms/OpcUaEndpointEditor.razor
+++ b/src/ScadaLink.CentralUI/Components/Forms/OpcUaEndpointEditor.razor
@@ -40,6 +40,61 @@
         </div>
     </div>
 
+    <div class="text-muted small mt-2 mb-1">Authentication</div>
+    @if (Config.UserIdentity is null)
+    {
+        <button type="button" class="btn btn-outline-secondary btn-sm mb-2"
+                @onclick="EnableAuthentication">Enable Authentication</button>
+    }
+    else
+    {
+        <div class="row g-2 mb-2">
+            <div class="col-md-3">
+                <label class="form-label small">Token type</label>
+                <select class="form-select form-select-sm" @bind="Config.UserIdentity.TokenType">
+                    <option value="@OpcUaUserTokenType.Anonymous">Anonymous</option>
+                    <option value="@OpcUaUserTokenType.UsernamePassword">Username / Password</option>
+                    <option value="@OpcUaUserTokenType.X509Certificate">X.509 Certificate</option>
+                </select>
+            </div>
+            @if (Config.UserIdentity.TokenType == OpcUaUserTokenType.UsernamePassword)
+            {
+                <div class="col-md-3">
+                    <label class="form-label small">Username</label>
+                    <input type="text" class="form-control form-control-sm"
+                           @bind="Config.UserIdentity.Username" />
+                    @RenderFieldError("UserIdentity.Username")
+                </div>
+                <div class="col-md-3">
+                    <label class="form-label small">Password</label>
+                    <input type="password" class="form-control form-control-sm"
+                           @bind="Config.UserIdentity.Password" />
+                </div>
+            }
+            else if (Config.UserIdentity.TokenType == OpcUaUserTokenType.X509Certificate)
+            {
+                <div class="col-md-4">
+                    <label class="form-label small">Certificate path</label>
+                    <input type="text" class="form-control form-control-sm"
+                           @bind="Config.UserIdentity.CertificatePath"
+                           placeholder="/etc/scadalink/pki/client.pfx" />
+                    @RenderFieldError("UserIdentity.CertificatePath")
+                </div>
+                <div class="col-md-3">
+                    <label class="form-label small">Certificate password</label>
+                    <input type="password" class="form-control form-control-sm"
+                           @bind="Config.UserIdentity.CertificatePassword" />
+                </div>
+            }
+            <div class="col-md-3 d-flex align-items-end">
+                <button type="button" class="btn btn-outline-danger btn-sm"
+                        @onclick="() => Config.UserIdentity = null">
+                    Remove Authentication
+                </button>
+            </div>
+        </div>
+    }
+
     <div class="text-muted small mt-2 mb-1">Timing</div>
     <div class="row g-2 mb-2">
         <div class="col-md-3">
@@ -96,6 +151,69 @@
         </div>
     </div>
 
+    <div class="text-muted small mt-2 mb-1">Advanced subscription</div>
+    <div class="row g-2 mb-2">
+        <div class="col-md-3">
+            <label class="form-label small">Subscription display name</label>
+            <input type="text" class="form-control form-control-sm"
+                   @bind="Config.SubscriptionDisplayName" />
+            @RenderFieldError("SubscriptionDisplayName")
+        </div>
+        <div class="col-md-2">
+            <label class="form-label small">Subscription priority</label>
+            <input type="number" class="form-control form-control-sm"
+                   @bind="Config.SubscriptionPriority" min="0" max="255" />
+        </div>
+        <div class="col-md-3">
+            <label class="form-label small">Timestamps to return</label>
+            <select class="form-select form-select-sm" @bind="Config.TimestampsToReturn">
+                <option value="@OpcUaTimestampsToReturn.Source">Source</option>
+                <option value="@OpcUaTimestampsToReturn.Server">Server</option>
+                <option value="@OpcUaTimestampsToReturn.Both">Both</option>
+            </select>
+        </div>
+        <div class="col-md-2 d-flex align-items-end">
+            <div class="form-check">
+                <input class="form-check-input" type="checkbox"
+                       id="@($"{IdPrefix}-discardoldest")"
+                       @bind="Config.DiscardOldest" />
+                <label class="form-check-label small"
+                       for="@($"{IdPrefix}-discardoldest")">Discard oldest</label>
+            </div>
+        </div>
+    </div>
+
+    <div class="text-muted small mt-2 mb-1">Deadband filter</div>
+    @if (Config.Deadband is null)
+    {
+        <button type="button" class="btn btn-outline-secondary btn-sm mb-2"
+                @onclick="EnableDeadband">Enable Deadband</button>
+    }
+    else
+    {
+        <div class="row g-2 mb-2">
+            <div class="col-md-3">
+                <label class="form-label small">Type</label>
+                <select class="form-select form-select-sm" @bind="Config.Deadband.Type">
+                    <option value="@OpcUaDeadbandType.Absolute">Absolute</option>
+                    <option value="@OpcUaDeadbandType.Percent">Percent</option>
+                </select>
+            </div>
+            <div class="col-md-3">
+                <label class="form-label small">Value</label>
+                <input type="number" step="0.01" class="form-control form-control-sm"
+                       @bind="Config.Deadband.Value" min="0" />
+                @RenderFieldError("Deadband.Value")
+            </div>
+            <div class="col-md-3 d-flex align-items-end">
+                <button type="button" class="btn btn-outline-danger btn-sm"
+                        @onclick="() => Config.Deadband = null">
+                    Remove Deadband
+                </button>
+            </div>
+        </div>
+    }
+
     <div class="text-muted small mt-2 mb-1">Heartbeat</div>
     @if (Config.Heartbeat is null)
     {
@@ -138,6 +256,12 @@
     private void EnableHeartbeat() =>
         Config.Heartbeat = new OpcUaHeartbeatConfig();
 
+    private void EnableAuthentication() =>
+        Config.UserIdentity = new OpcUaUserIdentityConfig();
+
+    private void EnableDeadband() =>
+        Config.Deadband = new OpcUaDeadbandConfig();
+
     private RenderFragment? RenderFieldError(string field)
     {
         var match = Errors?.Errors.FirstOrDefault(e =>
diff --git a/tests/ScadaLink.CentralUI.Tests/Forms/OpcUaEndpointEditorTests.cs b/tests/ScadaLink.CentralUI.Tests/Forms/OpcUaEndpointEditorTests.cs
index b8b5f53..5c43676 100644
--- a/tests/ScadaLink.CentralUI.Tests/Forms/OpcUaEndpointEditorTests.cs
+++ b/tests/ScadaLink.CentralUI.Tests/Forms/OpcUaEndpointEditorTests.cs
@@ -136,9 +136,10 @@ public class OpcUaEndpointEditorTests : BunitContext
         };
         var cut = Render<OpcUaEndpointEditor>(p => p.Add(c => c.Config, config));
 
-        Assert.Contains("Username", cut.Markup);
-        Assert.Contains("Password", cut.Markup);
-        Assert.DoesNotContain("Certificate path", cut.Markup);
+        // <label>Username</label> only renders for the UsernamePassword branch
+        Assert.Contains(">Username<", cut.Markup);
+        Assert.Contains(">Password<", cut.Markup);
+        Assert.DoesNotContain(">Certificate path<", cut.Markup);
     }
 
     [Fact]
@@ -153,9 +154,9 @@ public class OpcUaEndpointEditorTests : BunitContext
         };
         var cut = Render<OpcUaEndpointEditor>(p => p.Add(c => c.Config, config));
 
-        Assert.Contains("Certificate path", cut.Markup);
-        Assert.Contains("Certificate password", cut.Markup);
-        Assert.DoesNotContain("Username", cut.Markup);
+        Assert.Contains(">Certificate path<", cut.Markup);
+        Assert.Contains(">Certificate password<", cut.Markup);
+        Assert.DoesNotContain(">Username<", cut.Markup);
     }
 
     [Fact]
@@ -167,8 +168,8 @@ public class OpcUaEndpointEditorTests : BunitContext
         };
         var cut = Render<OpcUaEndpointEditor>(p => p.Add(c => c.Config, config));
 
-        Assert.DoesNotContain("Username", cut.Markup);
-        Assert.DoesNotContain("Certificate path", cut.Markup);
+        Assert.DoesNotContain(">Username<", cut.Markup);
+        Assert.DoesNotContain(">Certificate path<", cut.Markup);
     }
 
     [Fact]