Forum / Devolutions Password Server - Feature Request

configurable 2-factor authorisation while opening a session

  • Create an Issue
  • Cancel

Hi,

is it planned to implement a 2 factor (in fact yubikey) authorisation while connecting to a session with a shared credential? So the access to a credential is every time authorized by the second factor.

Regards Bernd.

Clock3 yrs

Hello Together,

to make this more clear:

I wish you would implement a checkbox on the credential Dialogs with the name “authorize access to credential with 2FA”, which means someone must have a 2FA available (ex. yubikey) while viewing/using/changing a credential in the Datasource.

I think this would improve the security of special accounts because you need something in your hand while accessing/using a credential.

In my personal opinion this should also available in the private vault.

Regards, Bernd.

Clock3 yrs

Hello,

We already have 2FA on the application itself, and on the data sources.

How would you suggest we configure this to keep it simple? Would it be tied to the "My account settings" area or would you require a unique 2FA for each entry?

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock3 yrs

Hello Maurice,

we disscussed that Topic in the Team and we think it would be the best to configure the 2FA on the credential site.

Not all Credentials are worth to be protected by 2FA, so I think the best way would be to do this on each Credential Entry. So we could choose wich Credentials should be protected be 2FA and which not.

The protection of the application and the data source are to globally, because we have several colleages which do not use 2FA, because the only have 5-10 non critically Entrys in the Data Source. Same Situation for the application Start ....

Regards, Bernd.

Clock3 yrs

Hello,

David has thought of a solution and has added it to the TODO list. I cannot say when it will be delivered though. I cannot even give you a ballpark estimate.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock3 yrs

Hi, I accidentally posted this same request in the RDM forum, but meant it to be here before I noticed this.
https://forum.devolutions.net/messages.aspx?TopicID=24862&MessageID=91428#post91428

I too would rather have two factor on the object level. Maybe the object or group has an option for 'Require Recent 2FA' . Somewhere 'Recent' would be defined in minutes or seconds as a timeout period before you would have re-type your 2FA Code when opening back to back sessions. Once implemented, I'd also like not enroll, but not require 2FA for authentication. 80% of our entries rely on the operator to key in their username/password so exposing session information details isn't an issue. It's the sessions that link to credentials or sessions that are high-value (accounting) that we'd like to require recent 2FA validation on.

Clock3 yrs

is this already possible?

Clock6 days

Hello,
Unfortunately it's not available right now.

Regards

David Hervieux

signaturesignature

Clock4 days

Hi,

Is it still on the to-do list?

Clock4 days

Yes but we have to do some internal changes before.

Regards

David Hervieux

signaturesignature

Clock4 days

Hello,

For future reference, this is our ticket number DPS-2507.

This is a major change and we cannot promise when we will implement this change, but its now being tracked and reviewed regularly.

Best regards,



Maurice Côté

Customers that use Devolutions Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock4 days