Devolutions ForumDevolutions Forum

RDM - Active Directory integrations

RDM - Active Directory integrations

avatar
jeffrey01

Checking in to see if there have been any improvements with the AD integrations with recent versions. Historically, (and maybe I am doing it wrong) you need to go into the administration and create a new RDM user and "link" it to the user's AD account. Then assign the RDM account to an RDM role.

Is it possible to "link" an AD security group to the RDM role so that any member of the group basically has the same access? This would require little ongoing user administration in RDM. Set and forget once the roles and AD groups have been linked.

All Comments (10)

avatar
Ben05

Interesting... would be nice for us as well..
but the users should get a private vault / user vault after logging in ...

Regards, Ben

avatar
Maurice Côté

Hello,

That's a feature that we offer only when pairing RDM with Devolutions Server.

Granting access as you describe allows you to connect to the database using any tool, this is not the most secure approach, and is not compliant with more stringent requirements.

We realize that many of our community are comfortable with that approach, its just that historically we've considered AD Group Binding an "advanced" scenario and therefore we kept it in our Server product. Add to this that we are seeing a significant adoption of Azure AD, an even more complex integration most would agree, it reduces even more the chance that we would add the feature to plain RDM.

Best regards,

Maurice

avatar
jeffrey01

Unfortunately, we leverage an alternative PAM vendor, which negates the use of the devolutions server. This issue is one of the biggest blocks to wider adoption of the tool throughout our company.

Anyone come up with creative solutions/workarounds?

avatar
Maurice Côté

The PAM module of Devolutions is not at the heart of the solution, we work with all the big PAM players and our server is involved for AD integration only.

That being said, some users have created powershell scripts to ensure user permissions reflect membership of an AD group, if you keep it at the Vault level it’s simple enough

Maurice

avatar
jeffrey01

Without Devolutions Server how do you accomplish the advertised bullet point?

https://remotedesktopmanager.com/compare

User administration:
Integrated role management mapped to the Active Directory Groups.

avatar
Jeff Dagenais

Hello,

It's not possible to accomplish this without using Devolutions Server as the backend datasource.
We have a specific use case for this scenario
https://cdndevolutions.blob.core.windows.net/documents/use-case/use-case-remote-desktop-manager-active-directory-en.pdf

I opened a ticket to our web team to have the website adjusted properly.

Sorry for the misleading information.

Best regards,

Jeff Dagenais

avatar
jeffrey01

Are there any talks of Devolutions Server 'Lite' - just the AD features. The price point of Server doubles the cost of RDM.

avatar
David Hervieux

Hello,
I can't give you a timeframe but it's definitively something we want to do.

Regards

David Hervieux

avatar
Clemens Schittenberger

hi David,
without having checked the release notes, are there any updates on this topic?

Thanks!

Regards
Clemens

avatar
Richard Boisvert

Hello Clemens,

Version 2021.2.8 introduced a free version of Devolutions Server, but it contains the following limitation:

  • available for 3 users / 100 entries


Best regards,

Richard Boisvert