Feature Request

Hello. We would enjoy having the possibility to schedule a report based on tags set on entries. Example, we would like to create an automation to synchronize some entries to a different vault, and would set a deleted tag on the destination if the source disappears. Then we could see where there is a problem with such a report. Today we need to create a separate script for such a task. Thank you and best regards. Marcel

Hello. We have a issue that we would like to address. Users MUST use DUO MFA. Local Super Admin MUST use TOTP. In the current setting, this cannot be enforced. We would like to get the possibility to configure the MFA type within the access policy. We have an open ticket about this, which I will be happy to share in private (or ask Patrick about it). For example: [image] [image] Cheers. Marcel

[image] [image] Hello, We would like to request a feature regarding the X.509 entry type. In RDM, the certificate entry type is deprecated and the recommendation is to use the Certificate (X.509) entry type instead. However, we use DVLS to share certificates with external partners. But in DVLS, this x.509 entry type is really basic and nothing can be done with it. The certificate cannot be opened, saved, viewed... For now, I suggested to continue using the old certificate entry type but I don't want to lose any certificates and certificate info in the near future. Is it possible to consider this in a future release? Thanks Silvie

Hello. We would like to request a template for SNMPv3 secrets. The following fields: authentication (secret) authentication type (SHA, SHA512, etc.) privacy (secret) privacy type (AES256, etc.) Security (security) Obviously, this should also be available in RDM. Thank you. Marcel

Hello. We are using Entra ID authentication with DUO 2FA. The goal that want to achieve, is to use our standard authentication method (Entra ID) with additional security. We need our most valued data to be the most secure. It's also part of our ISO 27001 certification that we achieve that. The plan to add DUO was in thinking that we do not want to restrict Entra ID sessions to short session idle timeouts. But we need Devolutions Server to have something like 4 hours session idle timeout. We set that in the server, but it seems that's not the goal of that setting. We would like to achieve that a user who is idle over 4 hours, gets his session disconnected by the server , and that he needs to login again. Entra ID will have his session open, so it will seamlessly go to the 2FA step with DUO. This is not the case today, and we feel it's against our certification to have sessions that are kept alive over 60 hours. Thank you and best regards.

Hi In RDM when configuring a one-time password (OTP) for a website you can either create an OTP entry and link it to the website entry, or you can configure it directly in the website entry. The same can be done with the username and password. I would like to create a website entry with username, password and OTP in the same entry. In RDM it is shown like this [image] This makes sense that the field Credentials is Username and password because you type the username and password below. [image] It makes somewhat sense that the field Source is Configured because it's default None . In my opinion TOTP , OTP or One-time password would be better, because that is what you type below. Now we come to the even more strange part. On the web the same entry is shown like this. Credentials is Username and password . That makes sense. So far so good. [image] But here the OTP Source is Username and password [image] What? This doesn't make sense at all. One would think these field values would be the same for RDM and website. My guess is the Source values have been copied from the Credentails values when creating the UI for the website. DVLS version 2025.3.20.0 Same happens on 2026.2.4.5715 - Cloud Please align value names in RDM and website.

As the title suggests, it would be really good to see Devolutions introduce the ability to have the back-end database for a DVLS deployment be PostgreSQL instead of depending on Microsoft SQL Server. You've already made some headway by providing a method for DVLS itself to be installed on Linux as per Install Devolutions Server for Linux | Devolutions Server | Devolutions Documentation and ScriptLibrary/DVLSForLinux at main · Devolutions/ScriptLibrary -- but it would be fantastic to see it taken a step further. For self-hosted infrastructure that is air gapped and does not have direct internet access (i.e., has no potential to leverage Devolutions Workspace/Hub, or other SaaS components which require internet access, etc), this would drastically reduce the compute requirements for running a highly available and fault tolerant DVLS deployment in such an environment without cumbersome MSSQL servers with costly licensing requirements. Companies such as Veeam realized this a few years ago and have since transitioned to PostgreSQL being the preferred database type on greenfield deployments after more than two decades of Microsoft SQL Server Express (or Standard/Enterprise)~ being the defacto (and only) choice. While I don't necessarily expect that Devolutions would go down the same path as Veeam and deliver an entire pre-hardened, vendor-managed (STIG compliance), secure-by-design appliance such as with the newer Veeam Software Appliance ( Veeam Software Appliance: Fast, Secure, and Simplified ) (though, I would love it if Devolutions were considering or working on something like this), simply adding PostgreSQL as a supported database type for hosting the Devolutions Server (DVLS) database would be a really big improvement that we would be excited to see.

Il serait bien d'etre en mesure de supprimer plusieurs attachement d'un coup sans les sélectionner une a une. Discuté avec votre support déja et ce n'est pas faisable sauf a l'unité. [image]

[image] Il serait bien de voir les élévations octroyé dans les rapports. Nous avons un superviseur de la sécurité qui adorerais le feature car plusieurs vérification sont fait mensuellement sur qui et pourquoi tel ou tel élévation a été demandé. Il est présentement possible de le voir seulement en cliquant sur l'oeuil ou en allant voir plus loin dans le méssage (not user friendly).

Summary When performing a PAM checkout, RDM allows configuring a delay to ensure replication completes before the credential is used. Currently this delay is applied on every checkout request. I'd like the delay to only be enforced on the first checkout. As long as the JIT (just-in-time) elevation is still in place and the user still has an active checkout, the delay should be skipped on subsequent requests, since replication has already occurred and waiting again is unnecessary. Current behavior The configured replication delay is applied on each checkout request, regardless of whether the user already has an active/valid checkout and the JIT elevation is still present. Proposed behavior Apply the replication delay only on the initial checkout. On any subsequent checkout request, if the JIT elevation is still active and the user is still checked out, skip the delay and grant access immediately. Benefit Avoids redundant waiting time on repeated checkouts when replication has already completed, improving the user experience without compromising the replication guarantee.

Nos approbateurs nous ont fait remarqué qu'au moment ou une demande d'approbation est envoyé ce serais bien de savoir elle a été envoyé a qui. Par exemple si je suis full admin je vois qu'il y a une demande mais ca ne me dit pas a qui (ce qui serais vraiment utile au cas ou un approbateur ne fais pas sont travail). [image]

Hello everyone, Now that I have activated the MFA for all our users on the Devolutions Server, it happens from time to time that it has to be reset for a user. Is it possible that not only the Devolutions Server administrators can reset this MFA? For example, I can assign the storage of licenses to a user or a user group. Is this also possible for the “ Users MFA reset status ”? I have not found a setting for this. Or should I create a feature request? Thanks in advance Alex

Hi! When installing DVLS updates there's two small things I noticed 1. When the update is installed and the scheduler service is stopped, admin users immediately receive alert notifocations (emails) with "Scheduler - Offline" and "Scheduler - No standby scheduler available". Could you add a delay to these alerts? Usually the scheduler will be up again within a few minutes during a update or a system reboot. I think the alert should only be triggered if the scheduler is unavailable for an extended period, like an hour for example. 2. I think the order of operations during the update installation process is wrong: Right now the application is stopped before the files are downloaded and extracted. Depending on bandwidth this could take some time. The files could be downloaded and extracted before the application is stopped, to reduce downtime. This would also improve error handling when the download fails for some reason. [image] Thank you! Best regards, Daniel

Dear Devolutions-Team, after some troubleshooting with William (Devolutions) today, we found out that MaxMind GeoLite does not seem to be supported and that the paid version is required. I'd like to inquire if it would be possible to enable the MaxMind features with the GeoLite version, as from what I can tell, only the API URL is different (Referencing "Flexibility" on this page GeoLite2 Web Service: Free IP Geolocation API , without reading up into the docs in detail, I might be wrong here!). As we would like to only use it for very few queries yearly (presumably <100) on only a few select users (external collaberators), we'd be very glad if that was an option. Thank you & best regards, MG

Summary Currently it appears that you cannot explicitly grant "Connect/View" permissions on a sub-entry without also granting "View" permission on the parent folder containing that entry. I'd like to be able to permission an individual entry directly, so a user can see and connect to only that specific entry, without being granted read access to the parent folder (and by extension visibility of the folder's other contents). Example Folder: SERVER Entry: SVC-1 Entry: SVC-2 Entry: SVC-3 The user should be able to view and connect to SVC-2 only — not SVC-1, not SVC-3, and ideally without needing broad read access on the SERVER folder itself. Current behavior To grant "Connect/View" on a sub-entry, the user must also be given "View" on the parent folder, which exposes the folder structure and potentially other entries. Proposed behavior Allow assigning "Connect/View" permissions directly on an individual entry, independent of the parent folder's permissions. The folder would surface only as the minimal path needed to reach the permitted entry, without granting visibility into its other contents. Benefit Enables true least-privilege access at the entry level, avoiding over-provisioning of folder-level read access just to expose a single entry.

A Devolutions server-side option to enforce the setting Workspace app → Settings → Security and Privacy → Clipboard. The default setting is to never remove sensitive data from the clipboard. As a business application, this would be a good standard to have enabled and to be able to enforce on users. As a security-focused application, this should at least be enabled by default and preferably also be enforceable.

A Devolutions server-side option to enforce the browser extension compare type to a specific value. This setting is located on a website entry in RDM → Properties → General → Browser Extension tab. This one is less of a security-focused request and more about functionality. Our users gave feedback that the best compare type in their experience is “Compare regex with URL domain.” Currently, this cannot be enforced.

Bonjour, Je souhaite soumettre une demande de fonctionnalité concernant les rapports planifiés (Scheduled Reports) dans Devolutions Server / Remote Desktop Manager suivant une discussion avec vos techniciens au support. Actuellement, seuls les administrateurs peuvent créer ou gérer cette fonctionnalité. Il n’existe aucune permission système permettant de déléguer l’accès ou la gestion des rapports planifiés à d’autres utilisateurs ou groupes spécifiques. Dans plusieurs environnements, cette limitation complique les opérations puisque certaines équipes (support, sécurité, gestion des accès, audits, etc.) doivent pouvoir : créer leurs propres rapports planifiés ; modifier ou consulter les rapports existants ; recevoir automatiquement certains rapports ; gérer cette fonctionnalité sans devoir obtenir des droits administrateur complets. Demande : Ajouter une ou plusieurs permissions granulaires permettant de : autoriser l’utilisation des Scheduled Reports ; déléguer la gestion des rapports planifiés ; contrôler l’accès par rôle ou groupe d’utilisateurs. Cela permettrait une meilleure délégation des tâches et améliorerait la gestion des accès dans les environnements d’entreprise. Merci.

Hello, Here is our requirement: We need to allow authentication requests without MFA from within the company’s internal network. MFA should only be required when accessing from outside the organization or from unsecured networks. In Devolutions Server, it does not seem possible to create MFA rules based on IP ranges or subnets. Could you implement the ability to authorize IPv4 and IPv6 subnets in the MFA rules? Examples: 1.1.1.0/24 172.30.20.0/24 2001:67c:11c8::/64 Thank you in advance.

Hello, is there a way to use YubiKey offline (i.e. the server has no internet connection) as a second factor when logging in from the Remote Desktop manager.

Hello there, it would be great to allow DVLS Groups to be members of other DVLS Groups. It would help us to simplify a role based access control where one group is a permission-group and another group a role-group that is member of the permission-group. [image] Thank you very much!

Hi there Is there a way for getting notified by the action "Entry Export"? We have only a few admins which are allowed to export entries, but it would be nice when there is a way to get notified on entry export action. Thank you.

A few requests in order of importance to me I think it would be great to be able to enable "dynamic resize" in web RDP sessions by default: [image] Also, would it be possible to have the top bar be auto hiding and have it appear on mouse hover? I've seen other web RDP solutions implement something similar as a floating button that expands on hover. I think that extra bit of screen real estate on the top would make a huge difference, especially on smaller laptop screens. And finally, would it be possible to have an option to open the connection in a new tab? I think this would be a great for that extra screen real estate without having to go full screen. Thank you so much for the consideration. This is a great suite of products and I am a huge fan.

Hello all, Following a chat with support, it was suggested to create a feature request. This is something that you do with the Business Hub solution. Having an option where entries in a vault are "locked" behind some added security measure. In a SSO environment, using the DVLS Workspace, every entry stored in a vault (user or shared) is available. In some cases, mostly dealing with highly confidential credentials, we think it would be important to have an extra security step. Whether it's asking for the user password again, expiring/refreshing the MFA token or using a pin code. Thanks,

Hello. Our new group allows only delegated permissions on application registrations. We need to migrate to the group's tenant. Would it be doable for you to add authentication through Microsoft DELEGATED permissions ? [image] In the meantime, we will see how we handle that. Maybe we keep our tenant longer and go with guest from the group tenant and keep the app registration in our current tenant. Also, if the group search in the Microsoft authentication screen could be made to "search only" or load a subset of all the available groups that would be great. During our test, application permissions were added temporarily for testing, and the groups never loaded because after some minutes, it was still not completed. [image] Thank you and best regards. Marcel