Restrict built-in admin (custom Devolutions accounts) to login from localhost only

Will it be possible to add the option to restrict admin users to only login from localhost?

Imagine many "custom (Devolutions)" users on a DVLS server, all with 2FA enabled.
But to make sure that all admin users will not be locked out by a 2FA failure, 2FA will not be enabled on the admin users and DS is set up with 2FA as optional.
It could be option 1 or, alternatively, option 2:

  1. Restrict Admin users to only login from DVLS localhost (from the server running DVLS)
  2. Allow Admin users to login without their 2FA from DVLS localhost (even if 2FA is mandatory and enabled on admin users)


Our worry
I am not aware if there is a way back into the system if all 2FA is lost. Can a local Windows administrator on the DVLS server always disable 2FA without logging in with a DVLS admin account?
As I see it, it seems like the DVLS console always opens the administration website and requires the DVLS admin authentication, and if 2FA is lost forever, there is no way back?

All Comments (3)

Hello,

We understand your concerns and plan to work on a much improved security policy engine as soon as we're done with implementing OpenID in our identity layer. The requests we've received are in the area of being able to increase/reduce login requirements based on IP, geolocation, etc.

e.g.
if the client computer is on internal subnet (192.168.0.0, 10.10.0.0), do not ask 2FA.
if the client computer is using a public IP from a suspicious part of the world, add a few secret questions on top of 2FA

We'll discuss internally the possibility of adding a patch just for localhost, adding a feature to our console, or whether it's better to wait on our security policy engine.

Best regards,

Maurice
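To make the two options from the original question (restrict built-in admins to the DVLS host, or let them skip 2FA only from the DVLS host) and the subnet-based rules Maurice sketches concrete, here is a small login-policy evaluator. It is an added example written for this thread, not Devolutions code; DVLS exposes no such API, and the account types, policy names and subnets are assumptions chosen to mirror the discussion.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: the "internal" ranges Maurice mentions, as /16 networks (assumption).
INTERNAL_SUBNETS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.10.0.0/16"),
]


@dataclass(frozen=True)
class Decision:
    allowed: bool        # may the login proceed at all?
    require_2fa: bool    # must a second factor be presented?
    reason: str          # audit-log friendly explanation


def classify(client_ip: str) -> str:
    """Map the client address to one of: localhost, internal, external."""
    ip = ipaddress.ip_address(client_ip)          # raises ValueError on garbage input
    if ip.is_loopback:                            # 127.0.0.0/8 and ::1
        return "localhost"
    if any(ip in net for net in INTERNAL_SUBNETS):
        return "internal"
    return "external"


def evaluate(account_type: str, client_ip: str, tfa_enrolled: bool,
             localhost_policy: str) -> Decision:
    """
    account_type     : "builtin_admin" (custom Devolutions account with admin rights) or "user"
    tfa_enrolled     : whether this account has 2FA configured
    localhost_policy : "restrict" -> option 1: built-in admins may only log in from the DVLS host
                       "bypass"   -> option 2: built-in admins skip 2FA when on the DVLS host
                       "none"     -> neither rule (today's behaviour)
    """
    origin = classify(client_ip)

    if account_type == "builtin_admin":
        if origin == "localhost":
            if localhost_policy == "bypass":
                # Break-glass path: console access on the server itself, no second factor.
                return Decision(True, False, "built-in admin on DVLS host: 2FA bypassed")
            return Decision(True, tfa_enrolled, "built-in admin on DVLS host")
        if localhost_policy == "restrict":
            # Option 1: an admin credential is useless from anywhere but the server.
            return Decision(False, False, "built-in admins may only log in from the DVLS host")

    # Ordinary accounts (and admins under "bypass"/"none" off-host):
    # internal subnet -> no 2FA prompt (Maurice's example rule); anywhere else -> 2FA if enrolled.
    if origin == "internal":
        return Decision(True, False, "internal subnet: 2FA not requested")
    return Decision(True, tfa_enrolled, f"{origin} origin: 2FA {'required' if tfa_enrolled else 'not enrolled'}")


if __name__ == "__main__":
    for args in [("builtin_admin", "127.0.0.1", False, "restrict"),
                 ("builtin_admin", "192.168.1.5", False, "restrict"),
                 ("builtin_admin", "::1", True, "bypass"),
                 ("user", "203.0.113.7", True, "restrict")]:
        print(args, "->", evaluate(*args))
```

The point of keeping `allowed` and `require_2fa` separate is that option 1 is an authorization rule (the request is refused before any credential is checked), whereas option 2 only changes which factors are demanded; logging the `reason` makes it easy to spot a break-glass login in the audit trail.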

Maurice, sorry for bumping an older thread here.
I have the same concern as Michael but from a different standpoint: I would like to secure DVLS by only allowing Azure AD authentication - but if something is not working with this authentication we have no path to take to make changes to the configuration. A bypass from the Devolutions Server Console to allow custom user login from localhost (configured on either the 'authentication modes' level in Administration > Server Settings > Authentication; or as Michael already suggested, on the user level combined with a bypass URL) would really help.

Considering the current (latest) release: in a scenario where the 'Authenticate with Devolutions Server custom user' authentication mode is disabled, what avenues are available to restore access in the event of Office365 user authentication mode issues (e.g. expired secrets, missing applications in Azure AD, etc.)?

Hello,

In the current release, a SQL statement would need to be run by the db owner. You can contact us at service@devolutions.net to get it as required.

We do want to add a command to the console, but it's not done yet.

Maurice