DPS console - missing 2FA setup - both general settings and user 2FA setup
DPS console - missing 2FA setup - both general settings and user 2FA setup
Hi
The DPS console does not have 2FA setup anymore, found it in the web interface?
What is the plan regarding the DPS console?
It seems weird that we need to be able to log into the web interface, if 2FA is failing.
The DPS console ealier allowed for 2FA reset on the server desktop without needing to login with a 2FA protected devolutions user.
As I understand, the web interface requires login with a devolutions user and we don't want a user without 2FA with admin access from the web frontend.
Regards
Michael
All Comments (3)
Hello,
The console as you know it is being replaced. It was a huge monolithic application that had tight coupling with Remote Desktop Manager and it caused maintenance issues on our end.
Also, with the rise of : infrastructure as code / devops / containers, it meant that we needed to better support scripted installations and offer a completely unattended setup.
We have created a new pair of executables, the DPS.Console.Cli.exe and DPS.Console.Gui.exe. As you can probably guess, the Gui is simply a tool to generate a response file that is then used by the Cli. In v2020.2 (beta soon...) you will notice that the console executable has been renamed DPS.Console.legacy.exe (not the shortcut, just the exe). This is to warn our users that the change is coming, and it will most likely not be distributed in v2020.3.
To prepare for that, we had to ensure that ALL of the settings that were managed by the legacy console were also present in the Web Interface. As soon as they were present in the web, we removed them from the console the next release.
Having done that, we realize that we also need to rework our admin section in the web interface. We were planning a rework of that whole dashboard this spring, but its slipping and may only be done for the next release.
I hope that answers your concerns, I realize that grasping all this from a bunch of release notes and a roadmap is hard. We will surely write a blog paired with the release of 2020.2,
Best regards,
Maurice
Okay, fair enough.
I just hope you remember to have som way of to login from localhost only, to be able to reset 2FA
Let says 2FA is down and from the web we only allow users with 2FA to log in.
We would never want an admin user to be able to log into the web interface without 2FA, unless it was from the localhost.
So one of the following would help:
- Make it possible to restrict a user to only login to the web interface from localhost
- Make it possible to administer user logins and reset 2FA some other way from the localhost
Today it is actually possible to use DPS concole to control users and 2FA without logging in with a devolutions user, local administrator on the server is enough.
This is probably the best way to solve issues with user logins etc, because the login procedure is not a dependency when admin tasks are being made to DPS.
Option 2 would be a lot like how it is today.
Regards
Michael
Hello,
In fact, we've created another user type that can ONLY act as a DPS sysadmin, we are fine tuning it as we speak, be assured that when we delete the legacy console your workflow will be included.
Thanks for taking the time to write this up!
Best regards,
Maurice