Devolutions PAM

Hi jol , Thank you for reaching out, we've had checkout extensions on our list of features for a while now. I can't provide an ETA currently, but we do plan on implementing them in the future. Cheers,

Feature Request

Luc Fauvel

Published 5 days ago

Different Checkout Policies for TIER Elevation JIT

Hi maximetremblay , Thank you for reaching out, we actually do have plans to enable more flexibility with which checkout policies are applied upon multiple different conditions. We’ll have more news regarding this in the later half of 2026. Cheers,

Feature Request

maximetremblay

Published 5 days ago

Different Checkout Policies for TIER Elevation JIT

Hi, For security purposes, it would be nice to be able to set different checkout policies on different tier elevation for the JIT solution. I don't want the same checkout policies for someone who elevates T0 as domain admin than the one who elevates DHCP admin T1. In my opinion i believe it would be better like this for your product, and your customer !

Feature Request

maximetremblay

Published 8 days ago

Heartbeat and Password Rotation Failures on Accounts in Protected Users Group

Hi, We wont disable LDAPS and yes we still face the issue. We may have another workaround thanks for the update.

Support

Erica Poirier

Published 8 days ago

Heartbeat and Password Rotation Failures on Accounts in Protected Users Group

Hello maximetremblay , Thank you for your feedback. The fix should be applied to LDAPS in version 2025.3.12.0 as mentioned in the release notes. In the meantime, as Paul mentioned above, the workaround is to disable LDAPS if it is still not working, which should fix the issue. Don't worry, LDAP connections are still internally encrypted by the SASL protocol when using Kerberos. Do you get the same error message on version 2025.3.15.0 as the one mentioned in the first message of this thread? If it's not the same one, please post the error message you get. Best regards,

Support

jol

Published 8 days ago

Extend check out and see when automatic check in will happen

It will be nice on pam/jit accounts to get the possibility in RDM to extend a checkout if fx a technician have check out the account for 4 hours and the task is taking longer then it sould be possible to extend the check out so the account is not deleted in the AD and also it will be nice with the possibility to have a counter or possibility to see when auto check in will happen.

Feature Request

William Alphonso

Published 9 days ago

Password rotation time different than configured

Hello, Thank you for the clarification and the screenshots. Based on what you shared, this no longer appears to be a timezone display issue. The PAM account is configured with a password rotation schedule of 1 day at 05:00 , while the Logs tab on the same account shows the password reset executing at 03:00 on multiple days. Since you also confirmed that the workstation, Devolutions Server, and audit tool are all using the same timezone, this points to a discrepancy in the scheduling behaviour within Devolutions Server itself. You are currently running Devolutions Server 2026.1.7.0 , which is a recent version, but not the latest available build in the 2026.1 release line. As a first validation step, I recommend testing on the latest available version. If the behaviour still occurs after updating, we will treat this as a product issue and escalate it further. In that case, the screenshots you already provided showing: the configured password rotation schedule, and the actual execution time in the PAM account logs will be the right evidence to support that escalation. Best regards,

Support

maximetremblay

Published 13 days ago

Heartbeat and Password Rotation Failures on Accounts in Protected Users Group

Hello, Thank you for being so patient! I am pleased to inform you that the issue has been resolved in the latest Devolutions server version (2025.3.12.0): https://docs.devolutions.net/server/getting-started/installation/upgrade-server We also recommend that you first perform the update in a staging/test environment: https://docs.devolutions.net/server/kb/how-to-articles/create-server-staging-instance Please let us know if this works or if you encounter any issues. Best regards, Maxim Robert Hi, Is this issue fixed while using LDAPS with protected user ? Cause we are facing this issue on our side in 3.15.

Support

hjbos

Published 13 days ago

Password rotation time different than configured

Hi William, I checked the timezones of my workstation. This is correct and the same as the timezone in Devolutions Server. Also the timezone in our audit tool is the same. I also made an Active Directory change and checked the time in this tool and this was the exact time as I made the change. When I check the logs tab on the user in Devolutions it's saying the PAM reset is executed at 03:00 so there is something wrong in Devolutions: [image] [image]

Support

Luc Fauvel

Published 14 days ago

Feature Request: Native Active Directory Bridge for Linux/Unix/macOS (AD Bridge)

Hi sindhupotnuru , Thanks for the request. Building a native AD Bridge into Devolutions PAM isn't something we're planning to do. This is a mature problem space with dedicated solutions that already handle it well, and we'd rather integrate with those than rebuild them. SSSD (built into most Linux distros), Winbind, or other commercial options. Once your systems are joined via one of these, Devolutions PAM layers on top for privileged access management, session recording, and credential lifecycle. Your three requirements — identity consolidation, UID/GID mapping, and instant offboarding — are all handled at the OS level by these tools. AD account disablement propagates automatically. Devolutions PAM handles what comes after. Cheers,

Feature Request

Alexandre Bélisle

Published 18 days ago

New provider FortiNet (FortiOS/FortiGate)

A customer is asking if it's possible to add a new PAM Provider to manage FortiNet appliances privileged accounts

Feature Request

William Alphonso

Published 19 days ago

Password rotation time different than configured

Hello, Thank you for the confirmation. Since both your Devolutions Server timezone setting and the Windows timezone on the server host are configured as (UTC +01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna , this does not appear to be a simple server-side timezone mismatch. Before concluding that the rotation itself is running at the wrong time, I would like to rule out how the timestamps are being displayed in the different interfaces you are using. Could you please confirm the following: The timezone on the workstation from which you are viewing the Devolutions Server web interface Whether the time shown in the Devolutions Server web interface is expected to be in server time or local browser/workstation time in your environment The timezone used by the Active Directory audit tool you are referencing If possible, the corresponding timestamp from the Windows Event Viewer on the server hosting Devolutions Server at the time of one of the password rotations The goal here is to confirm whether: the password rotation is actually executing late, or the different tools are simply displaying the event time using different timezone contexts. Since you are on Devolutions Server 2026.1.7.0 , I would still recommend updating to the latest supported build and retesting afterward, as several password rotation and scheduler-related fixes have been made in more recent versions. Best regards,

Support

sindhupotnuru

Published 19 days ago

Feature Request: Native Active Directory Bridge for Linux/Unix/macOS (AD Bridge)

We would like to request an AD Bridge feature for Devolutions PAM. We need a native way to join non-Windows systems to Active Directory to eliminate local account management. Key Requirements: Identity Consolidation: Allow AD users to log into Linux/Unix/macOS natively via PAM integration. Centralized UID/GID Mapping: Manage Unix attributes directly within the Devolutions/AD environment. Instant Offboarding: Automatically revoke Linux access the moment an AD account is disabled.

Feature Request

hjbos

Published 19 days ago

Password rotation time different than configured

Hi William, My previous post was not right. There are still wrong scheduletimes with password rotation. Here are the answers to your questions: Devolutions Server 2026.1.7.0 (UTC +01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna (UTC +01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

Support

bryan_ricciardo

Published 21 days ago

Password heartbeat via sudo

I want to add I think this is an important request, it would be required for root passwords along with local service or application accounts. In our case these accounts are audited by internal and external auditors and are required to be restricted from remote login.

Feature Request

William Alphonso

Published a month ago

Password rotation time different than configured

Hello, Thank you for the additional details — that observation about the schedule correcting itself after a restart is very helpful. At this point, we don’t have enough evidence to confirm the exact root cause or whether this behaviour is expected or a defect, especially around daylight saving time handling. The fact that restarting the scheduler temporarily resolves the issue suggests there may be a timing or caching inconsistency, but we need more data to validate this. To move this forward, I’d like to gather a bit more information: The exact version of your Devolutions Server The timezone configured under Administration > System Settings > General > Time-based usage The Windows timezone on the server hosting Devolutions Server Confirmation of when the DST change occurred vs when the schedule started drifting If possible, a short extract of logs around a rotation event before and after restarting the scheduler Regarding your question: at the moment, there is no built-in mechanism to automatically resync the scheduler after a DST change without a restart. Once we have the information above, we can determine whether this is a known limitation, a configuration issue, or something we need to escalate further. Best regards,

Support

hjbos

Published a month ago

Password rotation time different than configured

Hi William, I think this information is important: when I reset the scheduler after summer/wintertime reset the scheduletime is correct again. Is there a way to auto fix this without restarting the scheduler?

Support

Luc Fauvel

Published a month ago

Limited PAM Administrator

Hi pplevesque , We're currently working on providing more granular permission control in terms of PAM management and PAM vaults. I can't currently provide an ETA, but we're hoping to get this in users hands soon. Cheers,

Feature Request

William Alphonso

Published a month ago

Password rotation time different than configured

Hello, Thank you for your feedback. Would it be possible to confirm this information: The version of your Devolutions Server The timezone configured under Administration > System Settings > General > Time-based usage The timezone on the Windows server hosting the Devolutions Server Best regards,

Support

hjbos

Published a month ago

Password rotation time different than configured

Hi William, This is still not fixed. It seems this is related to summer/wintertime.

Support

External resources

Devolutions Documentation

Status Page

Technical SupportEmail : service@devolutions.netPhone : + 1 844 463.0419