Feature Request

We are currently moving from DVLS to Hub and have noticed there is no way to easy import user vaults. We have many users that do not use RDM or have access to other tools and have tried to export from DVLS, which exports as .RDM-file. Which cannot be imported to the Hub.

Hello, While working on a SIEM integration for Devolutions, I’ve encountered several limitations regarding the Get-HubSiemLogs command. Since the solution currently cannot directly connect to a SIEM for live log forwarding, I started exploring possible automation approaches and noticed several issues related to how logs are generated and structured. Identified issues : The Data field appears to be encrypted, and no information is available about its content or decoding process. The UserIpAddress field always returns the class name Devolutions.Hub.Clients.LogIpAddress instead of the actual IP address. There is no clear way to identify the user who triggered the event — only their internal account ID is shown. There is no log severity level (e.g., INFO, WARN, ERROR), which makes it difficult to filter or prioritize log events. Would it be possible to consider improving the log structure to address the points listed above? A dditional feature requests : Real-time log streaming : It would be very useful to have a feature similar to the Linux tail -f command, allowing continuous and real-time log monitoring. Currently, the only available options are “Weekly” and “Daily” log packages, which are not practical for active monitoring of a critical service like Devolutions Hub. Log forwarding capability : For the SaaS version, could you add an option to forward logs to an external application using an authentication key? In our case, we use Sekoia, which doesn’t have a native intake for Devolutions yet — but we could build one, provided we can receive logs directly from your platform. Thank you in advance for your attention to these points and for considering these improvements. Please let me know if you need additional details or examples from my current integration tests. Kind regards.

Hello Devolutions team, We would like to submit a feature request regarding user activation/validation in Devolutions Hub Business when using Microsoft Entra ID. Summary In our environment (Ville de Saguenay), we need to onboard a group of Entra ID users (about ~50) who do not have mailboxes and therefore cannot receive validation emails . Currently, after a period of time (we were told ~30 days), the user must validate their Devolutions account and an email is sent to complete the validation. This becomes a blocker for these users since they will never receive email. Current behavior / problem We can add Entra ID users to Hub Business and they can initially authenticate. After the grace period, the platform requires a Devolutions account validation that relies on sending an email. Users without mailboxes cannot complete this step, so they lose access / cannot access the Hub. Why this matters Many organizations have service accounts, kiosk/shared workstation users, or specific security contexts where identities exist in Entra ID but no email mailbox is provisioned . Requiring email-based validation prevents us from using Hub for these users and complicates enterprise onboarding. Requested enhancement (options) Any of the following would solve the issue (in order of preference): Admin validation/approval flow (no email required) Allow a Hub admin to validate/activate a user account from the admin portal. For example: “Pending validation” → Admin clicks “Validate/Activate”. Disable email validation requirement for Entra ID (SSO) tenants If the user authenticates via Entra ID (OIDC/SAML), allow bypassing the Devolutions email validation requirement. Alternative validation method Validate via an admin-generated one-time code shown in the Hub UI (not sent by email), or Validate via another communication method configurable by the tenant (SMS, etc.). Tenant-level policy A setting such as: “Require Devolutions email validation: On/Off” Or “Require validation after X days: configurable/disable”. Expected result Users who authenticate successfully through Entra ID should be able to remain active and access Hub even if they do not have an email mailbox, using an admin-controlled validation method or an SSO-based validation approach. If needed, we can provide additional details about our setup and use case

Hello, Can we please get the ability to send requests for temporary access to more than a single approver at a time? There're situations in life like sick days, vacations, days off, g eneral unavailability and these requests sometime 'sit' for days... It would be nice to have a fallback or a secondary person receiving them at the same time. [image]

Hello, I would like admins to be able to disable the export functionality for a User's personal vault. ideally i would like to set this as default for the whole system/tennant. thanks in advance!

We would like to be able to manage temporary access via the API so that we can integrate it with our existing systems (like ticketing system). Right now we use a webhook to create a ticket when access is requested, but we need to manually grant the access via RDM or other platforms. We would like to make an API call to automate this. As this is the primary reason we are using this product (giving temporary access to our clients to our servers) we would like to see an API addition.

Hello Devolutions Team and Community, I would like to submit a feature request related to permission granularity in Devolutions Hub Business , specifically regarding segregation of duties for credential management. Use case In our environment, we need a group of users who are allowed to: Create entries Edit existing entries View passwords and sensitive data Manage attachments and documentation Edit VPN / Tunnel / Gateway configurations However, these users must not be able to delete entries . This is a very common requirement for environments with: Segregation of duties Audit and compliance controls Change management policies Credential lifecycle governance Current behavior We understand and confirm that: Entries inherit permissions from the vault (and optionally folder/entry overrides), regardless of who created the entry. Vault-level custom permissions allow granular control. However: There is currently no built-in role in Hub Business that allows Add + Edit while fully preventing Delete in a clear and enforceable way. The closest role, Privileged Operators , grants delete permissions, which is not acceptable for this scenario. Relying on complex inheritance combinations makes the permission model harder to audit and reason about. Feature request Introduce a dedicated role or explicit permission model that allows: Create and edit entries Full read access to credentials and sensitive fields Explicit and guaranteed prevention of entry deletion This could be implemented as: A new built-in role, or A more explicit separation between Edit and Delete actions with strict enforcement Business value This enhancement would: Improve security posture Simplify permission audits Support compliance frameworks (ISO 27001, SOC 2, etc.) Reduce the risk of accidental or unauthorized deletions Thank you for considering this request. I believe this feature would benefit many organizations using Devolutions Hub Business in regulated or enterprise environments. Best regards, Edson Eduardo Caetano Junior NOC, IT & Infrastructure Projects Manager

When we enforced SSO for our admin users on Devolutions Hub Business, we were adviced to create an application identity with admin level access to our business hub so we could connect via Powershell and disable SSO enforcement in case of emergency. We did that and wanted to "lock down" the public IP addresses that are allowed to sign into the Powershell API. Sadly we realized that - as of now - only one IP(v4) address per application identity can be whitelisted (automatically during first powershell connection). Since we have multiple offices and each offices has one to two WAN connections with different public IPs, we would like the ability to (manually) whitelist more than one IP(v4) address per application identity.

We want to update our users to specific versions via Settings in our Business HUB. On the SQL Database version, it was possible to set it to a minimum, so our users would get prompted on next RDM start. We don't want to use the 'always build new MSI and deploy it' method. It interrupts our users while they work and can be buggy.

After exporting our vaults from the server version and import into Hub, we have noticed many entries have lost their customfields where we have stored data which can no longer be accessed via the Hub. So we have kept our old devolution password server online. The bare minimum for me would be to be able to migrate 1 to 1 between your own services which we cant 100% do, when theres a few entries that dont even exist in Hub but do in password server, and fields are not shows. An example of this is old certificate entry, in hub the entries are just called document after import. Custom fields are shown when viewing the entries in RDM and connected to the Hub, so the data have been imported they just need to be shown. Connection-String as an entry cannot be added in Hub as a new entry, but old ones have been imported so the entry type exist since it recognize it as "Connection-String"-type.

Hello, I'm posting this feature improvement following a discussion I had with a customer. They're in the process of moving from Devolutions Server to Hub Business and they would like to have the possibility to auto-assign Remote Desktop Manager licenses to specific user groups. This is the interface we currently have in Devolutions Server: [image] If you're interested in seeing this change, please show your interest in this thread. Best regards,

I'd like the ability to open a link to our servers directly from the password vault via file explorer. So i can link a vault to the project folder related to it. I understand that the "file explorer entry type" is already available in RDM, but not in the HUB.

Greetings, Would it be possible to add support for sending alerts in the Business Hub for changes to security settings (System/Administration/Configuration et Security) like the state of SSO or provisioning please? For example: SSO Enforcement is On Sam changes SSO Enforcement to Off E-mail alert (like the account login alert) is sent to configured contact/group: "SSO Enforcement [image] has been turned Off by Sam on MM-DD-YYYY HH:mm"

Hello. I was wondering if there is any possibility to get the Passphrase option included for the Generator, instead of just the built-in random characters: [image] I have Workspace installed mainly to utilize the Passphrase Generator option, as there are more and more sites now that limit the complex characters used. And, with there being no real way to Exclude special characters without going in and typing them for each and every different website that has complex characters excluded (one may be the % sign, where another site will accept % but won't accept @, but another website will accept none of those and also won't accept ^, etc. etc.). Thanks! [image]

Hello. We would like to export all vaults, including all file attachments , daily as JSON or RDM as an emergency backup, so that we can import them into another data source at any time. Thanks, Daniel

Hello, Would it be possible to resolve entries named as $PARENT_NAME$ when accessing favorites in the Hub WebUI please? Thanks Joe [image]

Bonjour, Ce serait bien si Hub était à parité avec RDM pour le support des variables. En ce moment, Hub affiche le nom de la variable plutôt que de la résoudre. [image] Merci de considérer ma suggestion.

I would like to see a feature that let me, for example , import an ip-address list. For Example im from austria and wanted to only allow austrian ip-addresses to access my Business Hub. Austria has a total of 11,312,640 IP address assigned. Thats a long time to input them all. And if i define the Ranges its only a bit shorter to work. But, i would have the possibility to get the Ranges as csv from Austria IP Address Ranges (ip2location.com) And now comes the Problem :) The file himself don't write the ranges into the Hub-settings. Plz create me/us a posible way to import ip-adresses/ip-ranges into the Secuity-Settings [image]

Hi Team, I am aware that we can set the 'IP Allow List' to control access to our Business Hub, but I would like to request the addition of GeoIP support for more granular control. Specifically, we would like the ability to whitelist or blacklist access by geographical regions. For example, we would like to automatically block all continents apart from Europe, while allowing access from specific countries/regions. This feature would greatly enhance our security measures and streamline access management. Thank you for considering this request.

Hello, It would be nice to have a copy button on every field in the web-browser like it is in the Workspace app. Regards, Yves

Please, I didn't find any option to make sure new user has « Allow offline » option by default. It would be useful if it was possible. Thanks.

Is it possible to hide specific Entry Types in Hub for Business? I know that this exists in RDM but couldn't find it in Hub Business? We don't need that Cryptocurrency and Firearms entry and would like to hide that in all Vaults. Or did i just didn't find that option?

Every time RDM finds itself in another network or after a disconnect, It re-authenticates against RDM Hub by launching the default web browser and forces us to log into our RDM account. Although this is mainly painless as the web browser is already authenticated, this takes away the focus from RDM every time a network change occurs. As RDM is a tool for engineers who are working in a network and potentially purposefully change networks quite often, they find their work interrupted every time networks are switching. There must be a better way. It should be possible to reauthenticate in the background somehow or optionally, lower the requirements so that sessions are kept between network switches. This affects, by the way, not only engineers switching networks, but everybody who is traveling by train where connections can get lost quite often.

Hi, In the Passphrase generator there are 2 dictionaries, English and French. Would it be possible to implement a way to add your own localized dictionary there?

Would be good if the Importer would be able to use the Hubs selected authentication. We have setup Azure SSO and force it, no other user can export because they need to login with devolution accounts, which non of them have at the moment.