2022.1.13 2FA Duo behavior change

Hello,

I upgraded our Devolutions Server from 2021.2.X to 2022.1.13 this morning. For the most part, the upgrade went fine, but we have discovered a new behavioral change.

On version 2021.2.X, when we opened the RDM client to connect, it would immediately send the DUO push and users could authenticate with their phone app.

On version 2022.1.13, when we open the RDM client, it opens a webpage and forces us to log into Devolutions; after that, it sends the DUO 2FA push.

Is this an intended behavioral change? Is there a way to set it back so that the RDM client will just immediately send a DUO 2FA without having to authenticate to the web?

We would prefer for our users to have to log in with their password every time they open RDM.

Thanks,

~jake

All Comments (4)

Hello Jake,

Since the 2022.1 release, our engineering team has implemented OAuth federation, which delivers a token on successful authentication on the DVLS web UI. DVLS then transfers this token to RDM, stating that the user is properly authenticated. It offers a more secure method to identify the user, and this will allow us to implement other external identity managers like Okta that should be available later this year. The consequence of this is that you cannot enter your password directly in RDM.

Once the password is entered, a token is created and it is valid for 1 day by default. In the 2022.2 release (in beta: https://forum.devolutions.net/topics/37615/version-2022230-june-20th-2022), you can add an option to disconnect the data source every time RDM is closed, meaning your user will need to authenticate every time they open RDM.

Best regards,

Richard Boisvert

Richard,

Thanks for the clarification. Is there a way to increase the token time beyond 1 day? Or is the only option to disconnect the data source every time in the beta?

Thanks,

~jake

Apologies, I should have gone looking before I asked that question. I did find the token timeout in the Advanced server settings.

Thank you for your help.

Best,

~jake

Hello Jake,

Glad you found the setting; the refresh token can be configured for up to 30 days. Make sure you go into the Devolutions Server console and do a Stop Server / Start Server for the setting to be applied.

Best regards,

Richard Boisvert