Feature Request

Hello, since it is not possible to access a DVLS if the first two numbers of the version do not match, I would like to suggest the following: When using a DVLS, there should be an option to define in RDM the maximum version for the first two numbers. Example: DVLS is at 2025.3.x RDM is at version 2025.3.x. If RDM is offline, it is offered version 2026.1.x as an update. This must be prevented. When an RDM connects to DVLS, the version number 2025.3.x has to be transmitted and stored. RDM should then only accept update versions 2025.3.x. Only when DVLS is updated to 2026.1 and RDM connects the next time should it receive the new version number and from then on be allowed to install any 2026.1.x version. A 2026.2.x version should also only be offered once the server runs that version. Since we run our DVLS in a highly secure environment, users only connect to the environment and DVLS via VPN from time to time. RDM therefore always starts offline. In our case, offline vaults are only retained for 7 days. Best regards Andreas

Hello We want to use the dynmic IP List feature. While it's working fine in RDM for Windows, RDM Web does not show any entries: [image] Thank you for fixing. Best regards, John

Hello, Would be handy if expired entries list would also contain the vault folder structure for easier entry identification. This field should also be visible in the scheduled report. BR VP

As a System Owner I want to show only the domain SSO login option when domain SSO is enabled so that I don't confuse my users by being forced to show domain login and domain SSO login options on the authentication page. When domain SSO is enabled, the SSO and regular domain authentication options are displayed. [image]

Hello, I would like to request a small feature: Can you please make Devolutions Gateway compatible with windows certificate store? It would be great if it could be enough to renew the windows certificate and DVG would simply use it, much like IIS does, without having to do an expert (no matter if manual or powershell). Thank you

Hi! When you open the Entry security analyzer report with the Show compromised password (pwned) option, the list takes a long time to load because DVLS seems to query api.pwnedpasswords.com for each password sequentially. It's the same in RDM with the Password analyzer. I think this could be optimized. API calls could parallelized, if they are not already. Hashes could be cached for some time, so you wouldn't need to wait for the whole list to load every time you change the filter or switch pages. The query could run in the background and populate the pwned-status field of each entry as they come in, instead of the whole GUI becoming unusable for a long time. You can even download all password hashes and query them offline: https://haveibeenpwned.com/api/v3#PwnedPasswordsDownload Thank you!

Now that there is a docker deployment for the Devolutions Server, it would be great if there was documentation provided on how to deploy the container in a kubernetes deployment (and even providing a Helm chart would be great). This would help my team as we are wanting to put the Devolutions Server in kubernetes, however there is uneasiness about there being no official documentation on achieving this, thus there are questions regarding vendor support. Thanks

Hi there I see the following added a while back: "Allow any additional hosts with Devolutions Gateway" option in website connection settings" This is a great option yet only configurable via RDM - I expect/hope that while the option can only be enabled via RDM, it actually works via Launcher as well. Please make the option available to be configured via Web, so it can be used with Launcher as well. Thank you

Hi, inside the RDM the Entry Security Analyzer has much more fields than inside DVLS. Could you please improve the report in DVLS? Would be great to define by our own which fields are shown. We miss the status for an entry for example. Regards, Ingo

Can we please get a sort priority option for vaults?

Could we have options to run Synchrnoizers that are scheduled from DVLS more than 1/day. I'd like to see an option for every X hrs starting at specified time. So you could say every 4hrs starting at midnight or something along those lines. My biggest complaint is from users who are building new servers and want the VMRC console before it syncronizes, which is running as a background job on my RDM instance, because the server-side scheduler has a bug that creates duplicates every time it has run. I've trained them to use the vmware dashboard and to connect that way for now. Thanks!

The ability to select the folder to use for credentials is not available in the Web UI Can this be added? [image] [image]

Hi there Is there a way for getting notified by the action "Entry Export"? We have only a few admins which are allowed to export entries, but it would be nice when there is a way to get notified on entry export action. Thank you.

First off, I apologize if this is in the wrong location! I've been reviewing the Ansible module and I think it's great, but I would also love a lookup plugin for fetching credentials so that I wouldn't have to necessarily fetch credentials in a task in a playbook. Here is another product that does this: https://galaxy.ansible.com/ui/repo/published/delinea/ss/docs/tss/ The advantage of this is I could have the lookups directly in inventory and group variables and then could expose the vault ID, URL, API key, etc via variables. The Delinea example is a little messy and I'm sure there's a better way to do it.

We have recently implemented windows hello for business to limit the needs for passwords. Unfortunately, Devolutions Server Browser Extension doesn't accept the PIN, and we have to still use our password. We would like to see Devolutions Team implement this if possible as this will help from a security aspect as more companies look at going to a passwordless approach. Thank You

RDM has the ability to restore deleted items, but it only appears to show items that you've deleted, rather than items right across the vault that could have been deleted by other users - refer https://forum.devolutions.net/topics/8635/recycling-bin-for-deleted-objects Would be good to have a similar feature for DVLS so we can undelete things other people have deleted.

Hello, I am currently setting up our Devolutions Server and would be very happy if the current YubiKey method would be extended by Passkey support, to enable real passwordless login. This would greatly increase security and user-friendliness. I can already use the function in my Devolutions Online account and I am delighted with it. Is this function perhaps already on the roadmap? Thank you and best regards 😊

I'm doing documentation for DR scenarios, and I can't find any information about how to regain access to an on-prem Devolutions Server instance if all admin accounts become inaccessible. I see the "Emergency procedure" on the page below, but that only addresses the case where a break glass account is accessible. Is there any method of recovering access if no account is accessible? Such as through SQL or through the OS? https://docs.devolutions.net/server/kb/knowledge-base/console-command-line-interface/ Thanks

I would like that SAML 2.0 or OIDC as an authentication method. We would like to use Onelogin as authenticator.

We are actually using RDM with Azure SQL Datasource and are evaluating the migration to Devolutions Server Datasource. I noticed that in Devolution Server Datasource the "Generate" Button does not exist. There is only the "Password generator". It would be nice to have that button also with Devolution Server Datasource. Regards [image] [image]

I see there is already an operator for syncing Devolutions Server credentials as Kubernetes secrets: https://github.com/Devolutions/dvls-kubernetes-operator I think another fantastic approach would be to integrate with the External Secrets Operator: https://external-secrets.io/ It has support for a number of other credential vaults and I would love to see Devolutions Server support.

I would like to be able to manage temporary access via the API (or alternatively Powershell), so we can automate and integrate this with our ticketing system (and other internal systems). Right now we have a webhook setup that will create a ticket, but we need to manually manage the access via RDM or other places. We want to automate this.

Good day Devolutions, We are trying to create a report for management, and for that reason we would like to include the information about the assigned licenses - per user. At the moment the license data is stored in the "Assigned" column in dbo.UserSecurity table, but it is encrypted.. Could you please make a solution so that we can display the assigned licenses information?

Hello. Our new group allows only delegated permissions on application registrations. We need to migrate to the group's tenant. Would it be doable for you to add authentication through Microsoft DELEGATED permissions ? [image] In the meantime, we will see how we handle that. Maybe we keep our tenant longer and go with guest from the group tenant and keep the app registration in our current tenant. Also, if the group search in the Microsoft authentication screen could be made to "search only" or load a subset of all the available groups that would be great. During our test, application permissions were added temporarily for testing, and the groups never loaded because after some minutes, it was still not completed. [image] Thank you and best regards. Marcel

Hi Devolutions Team, we’re currently using Devolutions Server as our data source in combination with Remote Desktop Manager for connection handling. We have a centralized, global "IT Vault" where no users have write permissions. All entries in this vault are maintained automatically through our system inventory and the DVLS API – this setup works flawlessly for us. However, we've noticed that some users still create their own connection entries in their personal User Vaults. We'd like to prevent this, as our intention is for User Vaults to only contain credential entries (e.g., personal credentials, 2FA tokens, etc.). Feature request: We’d like to request a feature that allows us to restrict the types of entries that users can create in their User Vaults – ideally configurable either globally or based on user groups. Specifically, we’d want to allow only credential entries in User Vaults, while blocking other types such as session/connection entries. Would this be possible to implement, or is there a workaround available for this use case? Thanks in advance for your consideration! Best regards, Sandro Widmann