Containerized browser sessions
0 vote
Every year, I come back and check to see if this feature is implemented yet, and it hasn't been so I'm circling back again. I want to purchase RDM for my team but without this one feature, it doesn't make sense for us.
We are an MSP, and we are 100% cloud and remote team focused. We work with orgs who don't have servers, offices, or branches and as such we have little need of the RDP or jump host/VPN or agent-based features of RDM. What we do use EXTENSIVELY are web-based admin consoles.
We have several hundred customers, each with their own admin consoles for Microsoft, Google, Adobe, Apple Business Manager, whatever and there are a few possible approaches to managing them.
- Incognito sessions each time you want to sign into a customer's admin account.
- Separate chrome/edge profiles for each customer and switch between them, as necessary.
- Sandboxie with containerized browser executables.
- Firefox "Multi Account Containers" https://github.com/mozilla/multi-account-containers#readme
The last of those is the one with the best feature set for working this way. You can have many tabs open, each within its own color-coded container label on the tab. Each container has its own session tokens and cookies and there are also some functionally weak areas of that solution e.g. You can't sort by alphanumeric and there is no nesting in the list of containers.
I'd really love it if the PAM capabilities and organization capabilities of RDM and its family could be used similarly. e.g. when creating a website entry, having a checkbox to 'container' the browser session. And maybe to include a string entry to name the container so that the containerized session could be used with other website entries, and another checkbox to make the container 'disk resident' (persistant) or temporary (deletes the cache on session close).
Let's set aside any multitenant partner admin consoles for the moment, I am aware they exist and use them heavily, but there are some things that delegated admin can't do. Microsoft is coming along with GDAP but even with it, some things still require global admin (licensing, converting a mailbox to shared, many SharePoint Admin tasks, etc.)
If anyone has any ideas about what I could be doing to solve this problem or if there is a pre-existing browser container function in RDM that I am missing, please let me know!
Thanks.
All Comments (3)
Hello,
I would like to know if you're aiming to use the 'embedded' browsers within RDM, or opening them externally and using Devolutions Web Login?
If you're using the embedded browsers, did you try using the Chrome browser? It has a setting for "private session (incognito)" which should 'containerize' this entry to have its own cache and be independent of other website entries using the chrome engine. Perhaps this could help you achieve what you're looking for, or at least be closer to it, and we could go from there with further improvements.
Regards,
Hubert Mireault
Hi Hubert, thanks for the suggestion. Yes, I have been using embedded chrome off and on. It's missing a few elements though, mostly concerning speed and having to download graphic assets for every session launch instead of using a pre-defined cache for each container and being able to reuse previously downloaded assets and cookies. Trivial things like injecting MFA every launch instead of having a session cookie set for it add up over the course of a day. Multiple techs doing this all day every day is many gigabytes of wasted downloads and time.
I'd prefer to continue using embedded browsers (ideally Edge) so that I can keep my techs in a single pane as much as possible but have those cookies and downloaded graphics get cached.
I have investigated launching custom command line sessions while passing browser flags to 'skip first run experience' and set a cache location.
start msedge https://admin.microsoft.com --profile-directory=TestProfile1 --user-data-dir=c:\temp\TestEdgeUser --no-first-run
and start msedge https://admin.microsoft.com --profile-directory=TestProfile2 --user-data-dir=c:\temp\TestEdgeUser --no-first-run
It didn't work exactly as hoped (odd rendering of pages and a few other quirks).
I'll be patient and continue hoping the team comes up with something.
Thanks.
Hello Adam,
In our latest Beta version we have added profiles for Embedded Edge entries. Maybe you could try out that version and see if it works for what you're trying to do?
Just one note, unfortunately the WebView2 control (which the .NET control used to simulate Edge in embedded) does not allow to reuse profiles that exist on your external Edge. So for example, if you have "Profile1" on your machine's external Edge, if you configure "Profile1" as the profile in RDM, it will be a different profile with that same name. Confusing, but it's a limitation of the control for now.
Regards,
Hubert Mireault