WebUI unable to launch sessions using 'find by name (uservault)' that resolves to a PAM credential
WebUI unable to launch sessions using 'find by name (uservault)' that resolves to a PAM credential
1 vote
Hello,
In environments where an administrator has multiple privileged accounts, it is often necessary to set the credential attribute of an entry in a shared vault to 'find by name (uservault)'. For example, to search for 'My Domain1 Admin' or 'My Domain2 admin'. When these user vault entries are of type 'Devolutions Server Privileged Account' which link to a PAM credential, attempting to launch connections using WebUI that utilize these credentials fail with an error suggesting its unsupported. However, when a session is explicitly configured to use a specific PAM account it works, as does when the credential discovered by 'find by name' is not a PAM credential. It seems that WebUI does indeed support using both PAM credentials and 'find by name (uservault)' when used independently, but not when chained together.
Tested with DVLS 2025.2.10. Behavior is similar with Hub Business, although error message is different.
Additionally, chained PAM type credential entries cannot be created or edited in WebUI, even though 'Privileged Account' is a supported credential type for other session type entries (i.e. RDP).
Please let me know if you would like any additional info.
Thanks
Joe
63a4535c-4205-4469-bf85-ca4b7dc7c5e0.png
519c4ade-b802-41b4-9479-95412f0ea10e.png
All Comments (4)
Hi Joe,
That's a good observation.
It's known on our side, it occurs because "DVLS Privileged Account" entry types aren't supported in the web.
There's already an existing ticket on our side, and I've linked this forum thread to it. We'll let you know once it's implemented.
I'm also moving this thread to the feature request section.
Best regards,
Marc-Antoine Dubois
Marc-Antoine Dubois
sounds good, thank you Marc-Antione.
Hopefully they will enable support for both DVLS and Hub PAM creds chained with find by name.
Currently for deployments that extensively use find by name chained to PAM accounts, the WebUI is effectively unusable for session launches without creating duplicate entries that use a different credential setting. This could be averted to some degree if WebUI fell back to prompting for username/password when a credential type is unsupported.
Hi Joe,
I'll have a look on Monday, once the developers are back in the office.
It would be logical for us to support it both on DVLS and Hub Business, of course. The ticket I found internally is related to DVLS.
Best regards,
Marc-Antoine Dubois