Hello all,
Following a chat with support, it was suggested to create a feature request. This is something that you do with the Business Hub solution.
Having an option where entries in a vault are "locked" behind some added security measure. In an SSO environment, using the DVLS Workspace, every entry stored in a vault (user or shared) is available.
In some cases, mostly dealing with highly confidential credentials, we think it would be important to have an extra security step, whether it's asking for the user password again, expiring/refreshing the MFA token or using a PIN code.
Thanks,
Hi, can you please tell me which Workspace app you are using?
Right now we have an 'inactivity lock' feature with Hub Business, but it locks the entire vault, not just the entries. For the mobile and desktop apps we can implement something similar to Hub with the DVLS setting 'Automatically logout idle users after (minutes)' in Administration -> Server settings -> Advanced. But keep in mind that it will lock the entire vault like Hub, not just the entries. So you'll be able to navigate the Workspace app but not access the DVLS Space until you authenticate yourself. Does that make sense to you?
As of now, you can set up security settings on the entire app if you want to secure your data. It's not exactly what I think you're looking for, but it will keep your entries behind a PIN code or a biometric lock.
Best regards,
Sébastien Aubin
Product manager - Password Management
Sorry, I should have specified. We are using the web browser plugin only. We are not using the desktop app or the mobile app.
Hi,
Similar to Hub Business, you can configure the “Automatically log out idle users after (minutes)” setting when using the Devolutions Workspace Browser Extension connected to a DVLS. When connected, the extension will also follow the “Automatically log out idle users after (minutes)” setting, which can be configured in Administration → Server Settings → Advanced within the DVLS Web interface.
This parameter applies both to the web interface and the browser extension.
For more details:
https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/advanced/
Best regards,
Olivier Désalliers
Thank you, Olivier.
We already have that configured. While we could shorten the timer, it doesn't exactly prevent anything since we use SSO for employee logins with the workspace plugin. A simple click and we're back in.
The reason for our initial request is to mitigate the following risk: the loss or theft of an employee's laptop, or the hijacking of an employee's browsing session. In such a scenario, a malicious actor could still access the login information stored in a vault. The risk is low, but it cannot be completely ruled out.
Hi,
Do you mean having a “Require password/MFA/re-authentication” setting in entries? This would mean that before accessing the overview, copying the username/password/OTP, or autofilling/executing an entry, the user would need to re-enter their password/MFA/re-authenticate.
Best regards,
Olivier Désalliers
That's exactly it, yes. Having the possibility to assign this behavior only to specified entries. Requesting a new MFA authentication sounds ideal for our specific use case.
Hello,
Thank you for your interest in that feature. It is something that we would like to improve in the short/mid term. We wanted to add that feature in our PAM first, when a user has to check out a PAM account. We could think about enabling such a feature when we launch any session, but that could be later. We are currently planning our next development cycle, but I don't think we will work on that for our next version, but could be right after. We will post back here once we have an update.
Best regards,
François Dubois