Feature Request

Feature Request

Request new features for Devolutions Server.

Newest

Most active

Most votes

avatar

Maxim Robert

Backlog

Allow users with the Password Policies permission to edit generator templates

CLIENT REQUEST We noticed that only administrators can currently create or edit password generator templates/policies, even for users who have been granted the "password policies" permission, which seems intended to allow exactly that. One of our users mentioned that this was possible for non-admins before. Could this be restored/enabled so that users with the appropriate permission can actually manage password generator templates without needing full admin rights?

0

11

0

avatar

dave1

Adding the Delinea integration to the web interface of DVLS

Hi Devolutions team We would like to request that Delinea integration is added to the web interface of the DVLS. The reason for this is that our supporting partners and vendors could use web interface, and seamlessly retrieve/inject passwords from the Delinea secret server. This would give us the benefit of: Faster onboarding of a partner Partner does not need to maintain the lifecycle of the RDM/Launcher Partner does not need to "follow" our major version updates of the platform

1

32

1

avatar

François Dubois

avatar

silviedullaers

More functionalities in DVLS for Certificate (X.509) entry type

[image] [image] Hello, We would like to request a feature regarding the X.509 entry type. In RDM, the certificate entry type is deprecated and the recommendation is to use the Certificate (X.509) entry type instead. However, we use DVLS to share certificates with external partners. But in DVLS, this x.509 entry type is really basic and nothing can be done with it. The certificate cannot be opened, saved, viewed... For now, I suggested to continue using the old certificate entry type but I don't want to lose any certificates and certificate info in the near future. Is it possible to consider this in a future release? Thanks Silvie

2

53

2

avatar

Marc-Andre Bouchard

avatar

thibaut-Koesio

DSSO Okta

Bonjour, Une demande concernant l'intégration de Devolutions server - RDM et okta. Nous avons plusieurs application qui s'authentifie avec OKTA et quand nous avons validé une première authentification les suivante ne redemande pas de refaire toute la chaine de connexion (mdp + mfa) Est il possible de faire en sorte que lorsque la personne est validée sur une application par okta, Rdm ne redemande pas le mot de passe, mais envoi directement le push pour garder la sécurité mais gagner en souplesse vis a vis du mot de passe ? Actuellement, quelque soit le moment nous devons refaire l'authentification complète même si on vient de valider une autre application. Difficile d'expliquer correctement par écrit.

1

40

4

avatar

thibaut-Koesio

avatar

schif

Full customization capabilities on secret templates

Hello, To be able to fully customize a secret, eg. create entry templates with fully customized tabs - fields - checkboxes - requirements - required. There are many entry templates available but none of the entries fully fill our expectations and the lack of customization makes it a bit difficult. Currently we can only add custom fields (text/password) on a normally hidden tab that is only visible in advanced view. If there are "required" fields there then the user with simplified view can't even find it. Any other item would also be nice --> checkbox /dropdown menu Ideally we would love to be able to adapt the General tab to cater to our exact setup (adding checkboxes and dropdown menu's as well) Screenshot : 1: to be able to customize table (rename/add/remove) 2: to be able to customize tabe(rename/remove/add) 3: Customize entries --> customize titles 4: Customize fields --> add remove custom fields --> add checkbox / add password field / add dropdown menu with values (from Devolutions itself like Users or custom) / required yes or no 5: Fully customize table --> Default entries/ hide tabs / remove unused tabs [image]

1

29

1

avatar

Marc-Andre Bouchard

avatar

ITOTGuy

Export Vault to CSV or Excel

Devolutions Server currently allows exporting of a vault to an RDM files, but it does not allow exporting to any additional formats. RDM allows for exporting a vault to a number of different file formats. On a routine basis we need to export credentials for clients and customers for them to have hard copies to securely store at their facilities and comply with different requirements. Currently that process involves either a very tedious and manual copy and paste or purchasing RDM to allow us to perform the exports. Please implement the same export vault to CSV or Excel functionality that exists in RDM into Devolutions Server. Also, when initially researching and purchasing the product, I found references to methods to export. I later found out that even the API methods mentioned required purchasing RDM to function. RDM is also expensive just for this single function.

1

33

1

avatar

Marc-Andre Bouchard

avatar

micheleschelfi

Generic OIDC/SAML client for SSO login

Good morning, I am configuring a new DVLS 2026.2 environment. Our company needs to implement an SSO authentication process to allow users to authenticate to the Devolutions Server datasource from Remote Desktop Manager (RDM). From the options currently available in the administrative settings, I can see dedicated configuration sections for Okta and PingOne. Unfortunately, we do not use either of these platforms and would need the ability to configure a generic OIDC or SAML client instead. Ideally, this integration should also support the import and synchronization of users and groups. Is there already a way to achieve this today? If not, would it be possible to consider implementing this functionality in one of the upcoming releases? Thank you.

1

35

2

avatar

micheleschelfi

avatar

miccol

Sync licenses with Entra ID group membership

If I'm missing something, i apologize, otherwise I'd like to have something along the lines of the following: All users in our organization are able to access Devolutions Server via SSO and most don't have the need for any other license than WFM. We administer our licenses via en Entra ID group that has been enabled for auto-assign...my issue is when a user logs on to Devolutions Server prior to being a member of the Entra group that grants a license for e.g. Devolutions Launcher...The fact that I then add them to the Entra ID group does nothing within Devolutions. Would it not be possible to enable some sort of sync from Entra ID that runs at an interval? That way I would be able to simply add the user to the Entra group and wait 5-10-15 minutes for the sync to happen and then a license is added to the user. Hope the above makes sense :) Thanks.

1

24

1

avatar

Luc Fauvel

avatar

jp2000

Grant permissions on sub-entries without requiring read access on parent folders

Summary Currently it appears that you cannot explicitly grant "Connect/View" permissions on a sub-entry without also granting "View" permission on the parent folder containing that entry. I'd like to be able to permission an individual entry directly, so a user can see and connect to only that specific entry, without being granted read access to the parent folder (and by extension visibility of the folder's other contents). Example Folder: SERVER Entry: SVC-1 Entry: SVC-2 Entry: SVC-3 The user should be able to view and connect to SVC-2 only — not SVC-1, not SVC-3, and ideally without needing broad read access on the SERVER folder itself. Current behavior To grant "Connect/View" on a sub-entry, the user must also be given "View" on the parent folder, which exposes the folder structure and potentially other entries. Proposed behavior Allow assigning "Connect/View" permissions directly on an individual entry, independent of the parent folder's permissions. The folder would surface only as the minimal path needed to reach the permitted entry, without granting visibility into its other contents. Benefit Enables true least-privilege access at the entry level, avoiding over-provisioning of folder-level read access just to expose a single entry.

4

86

3

avatar

François Dubois

avatar

maximetremblay

Ajustement automatique de la largeur des colonnes dans les demandes d'accès temporaire

Nous souhaitons soumettre une demande d'amélioration concernant l'affichage de la page des Demandes d'accès temporaire dans Devolutions Server 2026.1 . Actuellement, la largeur des colonnes semble fixe, ce qui fait en sorte que certaines informations importantes, notamment le Nom de la connexion , sont tronquées alors qu'il reste de l'espace disponible dans la grille. Nous avons également constaté que si l'on dézoome le navigateur , les colonnes s'ajustent correctement et le contenu devient entièrement visible. Cela laisse croire que le comportement pourrait être amélioré afin que les colonnes utilisent automatiquement l'espace disponible, sans dépendre du niveau de zoom.

2

28

1

avatar

Simon Arsenault

avatar

support59

Expand Custom Field Options - Entry Templates - Devolutions Server

Please expand the data types available in custom fields. Common secrets people want to protect include the following which would be solvable by having a custom field data type that accepts a file attachment and stores in the DB as an encrypted blob. All of these field types would be addressed by allowing a custom field to be a blob/binary DB storage type. For performance/ease of implementation, I would recommend ~1MB size cap for this type of data, especially since customers can choose to zip/7z/rar/etc before uploading it. Configuration file backups that include passwords and other sensitive data Public/Private key pairs License files for software File-based encryption settings for app configurations API tokens/Azure service principal keys The SSH Keys template seems to have the ability to upload files, tho I would like to see an option to have it kept as a file rather than turned into data in a text field after upload. There are numerous storage formants for sensitive data, and not all of them are text (like a base-64 key pair is), so being able to truly upload a file for secure storage would be ideal.

1

50

3

avatar

Sébastien Aubin

avatar

Marcel Gerber

Schedule a report based on entries tag(s)

Hello. We would enjoy having the possibility to schedule a report based on tags set on entries. Example, we would like to create an automation to synchronize some entries to a different vault, and would set a deleted tag on the destination if the source disappears. Then we could see where there is a problem with such a report. Today we need to create a separate script for such a task. Thank you and best regards. Marcel

1

46

1

avatar

Marc-Andre Bouchard

avatar

Marcel Gerber

Set MFA type in conditional access policies

Hello. We have a issue that we would like to address. Users MUST use DUO MFA. Local Super Admin MUST use TOTP. In the current setting, this cannot be enforced. We would like to get the possibility to configure the MFA type within the access policy. We have an open ticket about this, which I will be happy to share in private (or ask Patrick about it). For example: [image] [image] Cheers. Marcel

1

50

1

avatar

Marc-Andre Bouchard

avatar

Marcel Gerber

Template for SNMPv3

Hello. We would like to request a template for SNMPv3 secrets. The following fields: authentication (secret) authentication type (SHA, SHA512, etc.) privacy (secret) privacy type (AES256, etc.) Security (security) Obviously, this should also be available in RDM. Thank you. Marcel

2

368

11

avatar

Hubert Mireault

avatar

Marcel Gerber

Resolved Implemented

Authentication and Session Idle Timeout

Hello. We are using Entra ID authentication with DUO 2FA. The goal that want to achieve, is to use our standard authentication method (Entra ID) with additional security. We need our most valued data to be the most secure. It's also part of our ISO 27001 certification that we achieve that. The plan to add DUO was in thinking that we do not want to restrict Entra ID sessions to short session idle timeouts. But we need Devolutions Server to have something like 4 hours session idle timeout. We set that in the server, but it seems that's not the goal of that setting. We would like to achieve that a user who is idle over 4 hours, gets his session disconnected by the server , and that he needs to login again. Entra ID will have his session open, so it will seamlessly go to the 2FA step with DUO. This is not the case today, and we feel it's against our certification to have sessions that are kept alive over 60 hours. Thank you and best regards.

Recommended Answer

24 days ago

Hello Marcel, Good news on this one: the "On close" and "On idle" disconnection options for the Password Manager browser extension have been implemented in a recent version. You can configure them here [image] Apologies for not coming back to update this topic once it shipped. Don't hesitate to let me know if the behavior matches what you were looking for. Best regards,

1

811

11

avatar

François Dubois

avatar

IT

Website entry OTP source confusing name

Hi In RDM when configuring a one-time password (OTP) for a website you can either create an OTP entry and link it to the website entry, or you can configure it directly in the website entry. The same can be done with the username and password. I would like to create a website entry with username, password and OTP in the same entry. In RDM it is shown like this [image] This makes sense that the field Credentials is Username and password because you type the username and password below. [image] It makes somewhat sense that the field Source is Configured because it's default None . In my opinion TOTP , OTP or One-time password would be better, because that is what you type below. Now we come to the even more strange part. On the web the same entry is shown like this. Credentials is Username and password . That makes sense. So far so good. [image] But here the OTP Source is Username and password [image] What? This doesn't make sense at all. One would think these field values would be the same for RDM and website. My guess is the Source values have been copied from the Credentails values when creating the UI for the website. DVLS version 2025.3.20.0 Same happens on 2026.2.4.5715 - Cloud Please align value names in RDM and website.

1

56

2

avatar

Hubert Mireault

avatar

kevz

PostgreSQL as a Database for Devolutions Server (DVLS)

As the title suggests, it would be really good to see Devolutions introduce the ability to have the back-end database for a DVLS deployment be PostgreSQL instead of depending on Microsoft SQL Server. You've already made some headway by providing a method for DVLS itself to be installed on Linux as per Install Devolutions Server for Linux | Devolutions Server | Devolutions Documentation and ScriptLibrary/DVLSForLinux at main · Devolutions/ScriptLibrary -- but it would be fantastic to see it taken a step further. For self-hosted infrastructure that is air gapped and does not have direct internet access (i.e., has no potential to leverage Devolutions Workspace/Hub, or other SaaS components which require internet access, etc), this would drastically reduce the compute requirements for running a highly available and fault tolerant DVLS deployment in such an environment without cumbersome MSSQL servers with costly licensing requirements. Companies such as Veeam realized this a few years ago and have since transitioned to PostgreSQL being the preferred database type on greenfield deployments after more than two decades of Microsoft SQL Server Express (or Standard/Enterprise)~ being the defacto (and only) choice. While I don't necessarily expect that Devolutions would go down the same path as Veeam and deliver an entire pre-hardened, vendor-managed (STIG compliance), secure-by-design appliance such as with the newer Veeam Software Appliance ( Veeam Software Appliance: Fast, Secure, and Simplified ) (though, I would love it if Devolutions were considering or working on something like this), simply adding PostgreSQL as a supported database type for hosting the Devolutions Server (DVLS) database would be a really big improvement that we would be excited to see.

2

69

1

avatar

Marc-André Moreau

avatar

maximetremblay

Suppression multiple attachement

Il serait bien d'etre en mesure de supprimer plusieurs attachement d'un coup sans les sélectionner une a une. Discuté avec votre support déja et ce n'est pas faisable sauf a l'unité. [image]

1

96

3

avatar

François Dubois

avatar

maximetremblay

Implemented

Voir l'élévation demandé dans le rapport

[image] Il serait bien de voir les élévations octroyé dans les rapports. Nous avons un superviseur de la sécurité qui adorerais le feature car plusieurs vérification sont fait mensuellement sur qui et pourquoi tel ou tel élévation a été demandé. Il est présentement possible de le voir seulement en cliquant sur l'oeuil ou en allant voir plus loin dans le méssage (not user friendly).

1

82

2

avatar

maximetremblay

avatar

jp2000

Skip PAM checkout replication delay on subsequent checkouts while access is still active

Summary When performing a PAM checkout, RDM allows configuring a delay to ensure replication completes before the credential is used. Currently this delay is applied on every checkout request. I'd like the delay to only be enforced on the first checkout. As long as the JIT (just-in-time) elevation is still in place and the user still has an active checkout, the delay should be skipped on subsequent requests, since replication has already occurred and waiting again is unnecessary. Current behavior The configured replication delay is applied on each checkout request, regardless of whether the user already has an active/valid checkout and the JIT elevation is still present. Proposed behavior Apply the replication delay only on the initial checkout. On any subsequent checkout request, if the JIT elevation is still active and the user is still checked out, skip the delay and grant access immediately. Benefit Avoids redundant waiting time on repeated checkouts when replication has already completed, improving the user experience without compromising the replication guarantee.

1

90

1

avatar

Luc Fauvel

avatar

maximetremblay

Implemented

Voir a qui une demande d'approbation a été envoyé

Nos approbateurs nous ont fait remarqué qu'au moment ou une demande d'approbation est envoyé ce serais bien de savoir elle a été envoyé a qui. Par exemple si je suis full admin je vois qu'il y a une demande mais ca ne me dit pas a qui (ce qui serais vraiment utile au cas ou un approbateur ne fais pas sont travail). [image]

1

92

1

avatar

Simon Leroux

avatar

AlexMoucha

System permissions for "Users MFA reset status"

Hello everyone, Now that I have activated the MFA for all our users on the Devolutions Server, it happens from time to time that it has to be reset for a user. Is it possible that not only the Devolutions Server administrators can reset this MFA? For example, I can assign the storage of licenses to a user or a user group. Is this also possible for the “ Users MFA reset status ”? I have not found a setting for this. Or should I create a feature request? Thanks in advance Alex

Recommended Answer

a year ago

Hello, Thank you for the feedback. It looks like I was blind and never noticed that menu before. I verified and there are no permission options for this menu. I will move this thread to the feature request section. Best regards,

0

458

4

avatar

AlexMoucha

avatar

Daniel Albrecht

Improve DVLS update installation workflow

Hi! When installing DVLS updates there's two small things I noticed 1. When the update is installed and the scheduler service is stopped, admin users immediately receive alert notifocations (emails) with "Scheduler - Offline" and "Scheduler - No standby scheduler available". Could you add a delay to these alerts? Usually the scheduler will be up again within a few minutes during a update or a system reboot. I think the alert should only be triggered if the scheduler is unavailable for an extended period, like an hour for example. 2. I think the order of operations during the update installation process is wrong: Right now the application is stopped before the files are downloaded and extracted. Depending on bandwidth this could take some time. The files could be downloaded and extracted before the application is stopped, to reduce downtime. This would also improve error handling when the download fails for some reason. [image] Thank you! Best regards, Daniel

2

113

1

avatar

Marc-Andre Bouchard

avatar

matejgalic

Resolved Implemented

Conditional Access with MaxMind GeoLite

Dear Devolutions-Team, after some troubleshooting with William (Devolutions) today, we found out that MaxMind GeoLite does not seem to be supported and that the paid version is required. I'd like to inquire if it would be possible to enable the MaxMind features with the GeoLite version, as from what I can tell, only the API URL is different (Referencing "Flexibility" on this page GeoLite2 Web Service: Free IP Geolocation API , without reading up into the docs in detail, I might be wrong here!). As we would like to only use it for very few queries yearly (presumably <100) on only a few select users (external collaberators), we'd be very glad if that was an option. Thank you & best regards, MG

Recommended Answer

a month ago

Hello, Thank you for being so patient! I am pleased to inform you that the issue has been resolved in the latest Devolutions server version (2026.2.4.0): https://docs.devolutions.net/server/getting-started/installation/upgrade-server We also recommend that you first perform the update in a staging/test environment: https://docs.devolutions.net/server/kb/how-to-articles/create-server-staging-instance We also offer free upgrade sessions, during which we will update your Devolutions Server instance together. If you are interested in this, please send an email to service@devolutions.net If you have any further questions, please don't hesitate to let us know. Best regards,

1

231

4

avatar

Maxim Robert

avatar

bvervoort

option to enforce clipboard settings

A Devolutions server-side option to enforce the setting Workspace app → Settings → Security and Privacy → Clipboard. The default setting is to never remove sensitive data from the clipboard. As a business application, this would be a good standard to have enabled and to be able to enforce on users. As a security-focused application, this should at least be enabled by default and preferably also be enforceable.

1

92

1

avatar

Sébastien Aubin

1 - 25 of 585 items