Establish connection with Devolutions Server with MFA in automation script
Establish connection with Devolutions Server with MFA in automation script
Dear Devolutions Community,
I am working on a PowerShell script that changes the Windows local Administration Password and updates its corresponding Devolutions-Server entry.
Updating worked thanks to Richard Boisvert's Code snipped: https://forum.devolutions.net/topics/40149/change-password#180696
But I manually logged in before with this command: New-DSSession -BaseURI "Your/DVLS/Instance/URL" -UseOAuth
What is the recommended way of authentication when we have MFA enforced? Creating a user without MFA or is there a way to automate that into a script?
All Comments (5)
Hello,
The recommended method is to use an Application Key and grant it permissions on vaults and/or entries.
Let us know if that helps.
Best regards,
Érica Poirier
Thank you very much for your answer.
How would the the New-DSSession Command look like with using Application Key and Application Secret
I cannot find any Sample or Description how to access with these two parameters.
I think I have it, just use Key and Secret as Username, Password in a Credential Object like described in the Examples when you use Get-Help New-DSSession -Full
Hello,
Thank you for your feedback and that's great you have managed how to use the Application key and its secret key as the username and password.
Another method would be to store this information in the environment variables and use them in your scripts like these samples.
https://github.com/Devolutions/devolutions-server/blob/main/Powershell%20Module/Samples/SetEnvironmentVariables.ps1
https://github.com/Devolutions/devolutions-server/blob/main/Powershell%20Module/Samples/CloneDSEntry.ps1
Let us know if that helps.
Best regards,
Érica Poirier
Hello,
Thank you for your feedback.
In addition to the vault's access, the Application key needs at least View and Edit permissions on the root folders and/or folders.
Let us know if that helps.
Best regards,
Érica Poirier